CVE-2011-0180

Apple Mac OS X <10.6.7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0180. PoCs published by Dan Rosenberg.

AI-analyzed exploit summary: This exploit leverages an integer overflow in the HFS+ F_READBOOTSTRAP fcntl to read arbitrary filesystem blocks, leading to information disclosure. It demonstrates the vulnerability by dumping specified bytes from the filesystem to an output file.

Description

Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dan Rosenberg · c · local · osx
https://www.exploit-db.com/exploits/35488

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apple Mac OS X prior to 10.6.7
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581

Scores

EPSS 0.0068
EPSS Percentile 47.4%

Details

CWE: CWE-189
Status: published
Products (14)
apple/mac_os_x 10.6.0
apple/mac_os_x 10.6.1
apple/mac_os_x 10.6.2
apple/mac_os_x 10.6.3
apple/mac_os_x 10.6.4
apple/mac_os_x 10.6.5
apple/mac_os_x < 10.6.6
apple/mac_os_x_server 10.6.0
apple/mac_os_x_server 10.6.1
apple/mac_os_x_server 10.6.2
... and 4 more
Published Mar 23, 2011
Tracked Since Feb 18, 2026