CVE-2007-0355

Apple Minimal SLP Service Agent - Buffer Overflow via Invalid Attr-List Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0355. PoCs published by MoAB.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Apple's Service Location Protocol (SLP) daemon by sending a maliciously crafted packet to a UNIX socket. The payload consists of a large buffer followed by a memory address, aiming to overwrite the return address and achieve arbitrary code execution.

Description

Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MoAB · rubydososx

https://www.exploit-db.com/exploits/3151

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Apple's Service Location Protocol (SLP) daemon by sending a maliciously crafted packet to a UNIX socket. The payload consists of a large buffer followed by a memory address, aiming to overwrite the return address and achieve arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple Service Location Protocol (SLP) daemon (pre-2007)

No auth needed

Prerequisites: Access to the target system's UNIX socket at /var/run/slp_ipc

MITRE ATT&CK