Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: general_re
In most cases, the Mac will need to be booted into the malicious environment to be exploitable by this flaw. (The netinfod process must be restarted to cause the malicious server to be inserted into the authentication source list.)

Nothing to see here folks, move along.

40 posted on 11/26/2003 4:35:28 PM PST by SengirV


To: SengirV
Nothing to see here folks, move along.

I wish, but this is a nasty hole. Because it's trusted by default, the LDAP server can specify mountpoints on your box, which means I can run any arbitrary code I like by mounting my filesystem overtop yours. I can set up a root crontab job that starts up my code automatically, like enabling SSH, even if you've disabled it, and at that point, I've got a root login available to me, even if you don't - and odds are, you'd never notice what I was up to. All I have to do is sit back and wait for you to reboot to take my configuration instead of yours.

47 posted on 11/26/2003 7:57:05 PM PST by general_re (Take away the elements in order of apparent non-importance.)
