Skip to comments.
Remote Root Exploit in Mac OS X
carrel.org ^
| 11/26/03
| William Carrel
Posted on 11/26/2003 1:31:31 PM PST by general_re
Mac OS X Security Advisory
Vulnerability:
Malicious DHCP response can grant root access
Affected Software
Mac OS X 10.3 (all versions through at least 26-Nov-2003)
Mac OS X Server 10.3 (all versions through at least 26-Nov-2003)
Mac OS X 10.2 (all versions through at least 26-Nov-2003)
Mac OS X Server 10.2 (all versions through at least 26-Nov-2003)
Probably earlier versions of Mac OS X and Mac OS X Server
Possibly developer seeded copies of future versions of Mac OS X
Abstract
A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings.
What does this mean to the average user
Anyone who can gain access to your network can gain administrator (root) access to your computer and therefore steal your data or launch attacks upon others as soon as you reboot your machine. System administrators and users of affected software should read the section "Workarounds" for immediate actions to protect their machines. It is important to note that WEP security in 802.11b/g (AirPort/AirPort Extreme) wireless networks is generally not sufficient to protect your network from access by an attacker.
Vendor Patch
Apple Computer has been notified of this issue and may be working a fix at this time. At the time of this writing, a fix is not available from Apple.
(Excerpt) Read more at carrel.org ...
TOPICS: Miscellaneous; Technical
KEYWORDS: apple; computersecurity; lowqualitycrap; macuser; macuserlist; nosteenkingpatches; osx; root; schadenfreude
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-79 next last
To: Bush2000
It's like the news that comes out in support of America. If it casts President Bush (or a Republican Gov., like Arnold, in CA.) in a positive light, the anti-Bush/Arnold folks get vewwwwyyyy qwuiet!
To: litany_of_lies
He's probably right. It looks like the major problem is going to be for users on wireless networks, with Airport cards and the like - it's much easier to get someone to take a DHCP lease from you that way than it is to try bashing your way into a wired network. If you're on a wireless network, I suggest you read through the advisory carefully to see what you can do until a patch is issued. If not, it's probably not as serious an issue, as you were told.
22
posted on
11/26/2003 2:10:02 PM PST
by
general_re
(Take away the elements in order of apparent non-importance.)
To: Bush2000
We need to be nice to the Mac people. After all, they do own 5% of the market share.
To: Bush2000
At least there appears to be a timeline for an official fix. Anybody know when "December's update" is coming? Beginning, middle, end of the month?
24
posted on
11/26/2003 2:14:17 PM PST
by
general_re
(Take away the elements in order of apparent non-importance.)
To: Paul Atreides
Giggle.
25
posted on
11/26/2003 2:16:23 PM PST
by
martin_fierro
(_____oooo_(_°_¿_°_)_oooo_____)
To: general_re
Heh, heh!
26
posted on
11/26/2003 2:18:19 PM PST
by
Paul Atreides
(Is it really so difficult to post the entire article?)
To: martin_fierro
Ping!
27
posted on
11/26/2003 2:18:53 PM PST
by
Paul Atreides
(Is it really so difficult to post the entire article?)
To: RedBloodedAmerican; Bush2000; Sabretooth
I don't know about you guys, but I only drive Ford Trucks. I don't like those Chevy Trucks. I don't like those Dodge Trucks. I don't like those car things. Only ford Trucks for me. I won't drive those other things.
That's sarcasm, in case you can't tell.
Now, curl your fingers around part way and curl your thumb around so your thumb touches your index finger, as if you were grasping a bundle of pencils. Hold your hand in front of yourself. Move it up and down repeatedly. Feel better?
If you want security, try OpenBSD.
28
posted on
11/26/2003 2:18:58 PM PST
by
MichiganConservative
(Repeal the welfare state and the 14th, 16th, and 17th Amendments.)
To: general_re
The only reason to gloat is that some of us have been saying for a couple years that the only reason Apple and Linux look secure is that no one has tried to break them.
As targets they're kind of scrawny. Not much meat.
29
posted on
11/26/2003 2:19:07 PM PST
by
js1138
To: general_re
Just talked with Apple Tech Support. Two things:
- They are aware and will release a fix ASAP, but won't say when ASAP is.
- The problem is supposedly of much more concern to people operating wirelessly than with wired Ethernet.
To: litany_of_lies
They are aware and will release a fix ASAP, but won't say when ASAP is. According to this guy, their next monthly will have it. December. Dunno when in December that is, though. Maybe it'll be your Christmas present from Apple ;)
The problem is supposedly of much more concern to people operating wirelessly than with wired Ethernet.
Is there an echo in here? ;)
31
posted on
11/26/2003 2:26:28 PM PST
by
general_re
(Take away the elements in order of apparent non-importance.)
To: Paul Atreides
32
posted on
11/26/2003 2:28:07 PM PST
by
martin_fierro
(_____oooo_(_°_¿_°_)_oooo_____)
To: js1138
Yeah, maybe, but you know how the kiddies are - they'll break s*** just for the hell of it. Anyway, the more complex systems get, the more likely it is that complex and unpredictable interactions will reveal holes...
33
posted on
11/26/2003 2:28:09 PM PST
by
general_re
(Take away the elements in order of apparent non-importance.)
To: general_re
Echo-sorry, didn't see your post before I did mine.
To: litany_of_lies
S'okay - it happens ;)
35
posted on
11/26/2003 2:33:17 PM PST
by
general_re
(Take away the elements in order of apparent non-importance.)
To: litany_of_lies
Basically, if you are Airporting at a Starbucks with an Apple, somebody with the proper tool can "root" you and then do whatever the they want with your computer. But if you just turn off any network authorization services and don't use DHCP, you are fine. However, you probably won't be able to use the network :-)
IMO, This is because of Apple's legacy holdover from Next - NetInfo. They never truly integrated their underlying Users & Groups with the guts of the operating system. It's kind of an early 90's concept tack-on.
They held that piece of junk (NetInfo) over and never converted everything over to the BSD security (probably due to the demands of producing consumer level "friendliness"). Permissions are a mess all over the OS.
This is what happens when the marketing/management suits ignore engineering. Now that it is public, I'm sure they have a crack team of Indians working on the problem as we speak.
Signed - Bitter Ex-Apple Guy That Knows LDAP Intimitely. ;-)))
All that said, I'm still gonna use my Mac laptop with airport in public places. Better than using Windows.
36
posted on
11/26/2003 3:06:13 PM PST
by
glorgau
To: general_re
I usually avoid the PC v Mac threads but, I haven't seen the usual so I will ask (and answer) the question.
'Got Root?'
well yes, as a matter of fact I do.
37
posted on
11/26/2003 3:20:20 PM PST
by
Vinnie
To: glorgau
Basically, if you are Airporting at a Starbucks with an Apple, somebody with the proper tool can "root" you and then do whatever the they want with your computer. But if you just turn off any network authorization services and don't use DHCP, you are fine. However, you probably won't be able to use the network :-)
Good summary. Yep. I love that one: "Turn off DHCP" (or, alternatively, "Unplug your network cable"). BWAHAHAHAHAHAHAHAHAHA!
38
posted on
11/26/2003 3:32:19 PM PST
by
Bush2000
To: Bush2000
Just to let you know that I am one mac user who is not ignoring this thread. I don't worry about these things so much, though, because if someone broke into my computer they would be so bored with it at the end of 5 minutes, that they'd move on. I did turn off my airport thingee, though, as I seldom use it.
I will stay with Mac for the rest of my life, as it's all I've ever used. I think I have my 4th, 5th, and 6th ones right now.
39
posted on
11/26/2003 4:26:26 PM PST
by
basil
To: general_re
In most cases, the Mac will need to be booted into the malicious environment to be exploitable by this flaw. (The netinfod process must be restarted to cause the malicious server to be inserted into the authentication source list.)Nothing to see here folks, move along.
40
posted on
11/26/2003 4:35:28 PM PST
by
SengirV
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-79 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson