CVE-2006-6173

Mac OS X < 10.4.6 - Local Buffer Overflow in shared_region_make_private_np

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6173. PoCs published by LMH.

AI-analyzed exploit summary This exploit triggers a local memory corruption vulnerability in Mac OS X by invoking syscall 300 (shared_region_make_private_np) with crafted arguments, potentially causing a kernel panic or arbitrary code execution in kernel context.

Description

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by LMH · clocalosx

https://www.exploit-db.com/exploits/29201

View Code ZIP pw:eip

This exploit triggers a local memory corruption vulnerability in Mac OS X by invoking syscall 300 (shared_region_make_private_np) with crafted arguments, potentially causing a kernel panic or arbitrary code execution in kernel context.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: Apple Mac OS X 10.4.8 (and potentially other versions)

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK