Application Enhancer (APE)
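An application enhancement system (which, put that way, says about as much as saying nothing…)
Application Enhancer is a very powerful framework that can change an application's behavior without modifying anything on disk (the program file). Until now its more common uses were things like ShapeShifter (changing the theme) or WindowShadeX (minimizing windows anytime, anywhere), but since those all seemed like flashy features, I never tried them out very seriously.
So why am I bringing it up again today? That starts with MoAB… The first bug MoAB published was a QuickTime stack overflow, and then some expert wrote a fix using APE, and also said that if he has time, he will consider using APE over the coming month to address the series of security vulnerabilities MoAB puts out; the APE blog also mentioned this.
PS. MoAB's second bug is a format string problem in VLC, and Fuller has likewise provided a fix.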
Comments
Comment from Annoymouse
Date: 2007/01/09, 11:37 AM
APE… is there a way for it to patch its own module? :)
MOAB-08-01-2007: Application Enhancer (APE) Local Privilege Escalation
Application Enhancer (APE) is affected by different issues, one of them is a local privilege escalation vulnerability which allows local users to gain root privileges in the system by either patching the ApplicationEnhancer binary or replacing it. This binary is executed with root privileges and drops them (via setuid to current user id), but the file is actually writable, as well as the whole tree under /Library/Frameworks, allowing the mentioned condition to be abused for privilege escalation.
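The condition the quoted advisory describes (a binary run with root privileges that is itself writable, inside a tree that is also writable) can be checked from a shell. This is an added example, not part of the comment above or of the MoAB advisory; the function names are made up here, and it inspects mode bits only, not ownership or ACLs.

```shell
#!/bin/sh
# Added example: report paths that someone other than the owner can modify.
# Assumption: the tree is meant to be root-owned; only mode bits are checked.

# Print "$1" if it is group- or world-writable. Symlinks are skipped because
# their own mode bits are not meaningful.
loose() {
    find "$1" -prune ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Walk from a root-executed binary up to the top of its install tree.
# A writable file can be patched in place; a writable ancestor directory
# lets the file (or a directory above it) be renamed away and replaced.
# $1 = binary, $2 = top of the tree (last directory checked)
audit_chain() {
    p=$1
    while :; do
        loose "$p"
        if [ "$p" = "$2" ]; then break; fi
        parent=$(dirname "$p")
        if [ "$parent" = "$p" ]; then break; fi   # reached the top without meeting $2
        p=$parent
    done
}

# Every loosely-permissioned file or directory anywhere under a tree.
audit_tree() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Usage (the binary path is a placeholder; /Library/Frameworks is the tree
# named in the advisory text):
#   sh audit.sh /path/to/root-run-binary /Library/Frameworks
if [ $# -ge 2 ]; then
    audit_chain "$1" "$2"
fi
```

Any line of output is a path where a non-root account with matching group or world access could alter what root later executes; an empty result means the mode bits along the chain are tight.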
Comment from Kuon
Date: 2007/01/09, 2:55 PM
http://www.milw0rm.com/exploits/3102
I just saw it too :)