CVE-2005-1725

launchd 106 - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1725. PoCs published by intropy.

AI-analyzed exploit summary This exploit leverages a race condition in Mac OS X 10.4's launchd to create a symlink to a target file, potentially allowing privilege escalation. The PoC forks a process to trigger launchd while attempting to replace a socket file with a symlink to the target.

Description

launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by intropy · clocalosx

https://www.exploit-db.com/exploits/1043

View Code ZIP pw:eip

This exploit leverages a race condition in Mac OS X 10.4's launchd to create a symlink to a target file, potentially allowing privilege escalation. The PoC forks a process to trigger launchd while attempting to replace a socket file with a symlink to the target.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Mac OS X 10.4 launchd

No auth needed

Prerequisites: Local access to the target system · Mac OS X 10.4 with vulnerable launchd

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111833509424379&w=2

Vendor Advisory x_refsource_misc

http://www.suresec.org/advisories/adv3.pdf

Patch, Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html

Scores

EPSS 0.0076

EPSS Percentile 50.3%

Details

Status published

Products (2)

apple/mac_os_x_server 10.4

apple/mac_os_x_server 10.4.1

Published Jun 08, 2005

Tracked Since Feb 18, 2026