This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges. Exploitation requires valid local user, with access to the lppasswd command. After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the previous agent. However, the euid (as opposite to the uid) of the agent may be not that of the super user (usually is "nobody"), and by using the setuid module (see setuid module documentation), it can be changed to zero (root).
CVE Link
Exploit Platform
Exploit Type
Product Name