CVE-2008-6252
smcFanControl 2.1.2 - Local Privilege Escalation via Long -k Option
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6252. PoCs published by xwings.
AI-analyzed exploit summary
The exploit demonstrates a buffer overflow vulnerability in smcFanControl 2.1.2 for OS X, where the `-k` option of the `smc` binary does not handle overly long input, leading to a stack-based overflow. The PoC uses a Ruby command to generate a 45-byte 'A' string followed by 'BBBBCCCC' to trigger the overflow, resulting in a crash with control over EIP.
Description
Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.