CVE-2005-2713

Mac OS X <10.3.9, <10.4.5 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2713. PoCs published by vade79.

AI-analyzed exploit summary This exploit leverages a vulnerability in OSX's /usr/bin/passwd to overwrite /etc/sudoers by predicting the temporary file path used during password changes. It creates a fake passwd file and symlinks /etc/sudoers to the predictable temp file, allowing arbitrary file write and privilege escalation.

Description

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.

Exploits (1)

exploitdb WORKING POC VERIFIED
by vade79 · perllocalosx
https://www.exploit-db.com/exploits/1545

This exploit leverages a vulnerability in OSX's /usr/bin/passwd to overwrite /etc/sudoers by predicting the temporary file path used during password changes. It creates a fake passwd file and symlinks /etc/sudoers to the predictable temp file, allowing arbitrary file write and privilege escalation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Apple OSX /usr/bin/passwd (pre-patch)
Auth required
Prerequisites: Local user access · Ability to execute /usr/bin/passwd · Predictable PID for temp file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Various Sources third-party-advisory x_refsource_idefense
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426535/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19064
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16907
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0791
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16910
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25272
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-062A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/23646
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=303382

Scores

EPSS 0.0104
EPSS Percentile 59.4%

Details

Status published
Products (32)
apple/mac_os_x 10.3
apple/mac_os_x 10.3.1
apple/mac_os_x 10.3.2
apple/mac_os_x 10.3.3
apple/mac_os_x 10.3.4
apple/mac_os_x 10.3.5
apple/mac_os_x 10.3.6
apple/mac_os_x 10.3.7
apple/mac_os_x 10.3.8
apple/mac_os_x 10.3.9
... and 22 more
Published Dec 31, 2005
Tracked Since Feb 18, 2026