Comments on: Buffer overflows in smcFanControl 2.1.2 for OSX http://kj.security.net.my/?p=127 collecting unknown malware Tue, 01 Jun 2010 04:19:20 +0000 http://wordpress.org/?v=2.9 hourly 1 By: 0xff http://kj.security.net.my/?p=127&cpage=1#comment-52853 0xff Mon, 17 Nov 2008 09:33:09 +0000 http://blog.xwings.net/?p=127#comment-52853 on my 10.5 machine, the smc tool is not installed with root privs, so to overflow it, one would need to control the params passed to it by the GUI tool. the real WTF is that the GUI tool asks for the admin password and stores it in plain old memory. any user process should be able to read it in plaintext from there :D 0xff on my 10.5 machine, the smc tool is not installed with root privs, so to overflow it, one would need to control the params passed to it by the GUI tool.

the real WTF is that the GUI tool asks for the admin password and stores it in plain old memory. any user process should be able to read it in plaintext from there :D

0xff

]]> By: beist http://kj.security.net.my/?p=127&cpage=1#comment-52635 beist Thu, 13 Nov 2008 11:25:10 +0000 http://blog.xwings.net/?p=127#comment-52635 ola! ola!

]]> By: Sey http://kj.security.net.my/?p=127&cpage=1#comment-52546 Sey Wed, 12 Nov 2008 06:05:48 +0000 http://blog.xwings.net/?p=127#comment-52546 Whoaa... Whoaa…

]]> By: Cappella http://kj.security.net.my/?p=127&cpage=1#comment-52529 Cappella Tue, 11 Nov 2008 14:17:24 +0000 http://blog.xwings.net/?p=127#comment-52529 Woohoo! Well done! You actually exploit the code for managing fan. :P What other weird code you are going to exploit? :P Woohoo! Well done! You actually exploit the code for managing fan. :P What other weird code you are going to exploit? :P

]]>