SecureMac.com
About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Advertising
Security Consulting
Employment/Jobs
Feedback Form

SecureMac Software
PrivacyScan

 

Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
SAINT
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing


Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
LittleSecrets
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry
Apple.com Security Resources
Marketing Macintosh Security Programs

Security Concern with Mac OS X
Setuid root applications allow root shell access


Operating System: Max OS X Version Affected: up to 10.1

Security Risk: High
Remote: No
Fixed: 10.20.2001 see below

About:
Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in specific order.

Mac OS X is already on computers in every sort of nature, even after the administrator sets up multiple accounts with specific privileges keeping the user from hacking a root prompt is not that simple.

Take a look at the vulnerability, afterwards we will describe how this actually happens.

Vulnerability:

1. Open up the Terminal.app
2. Quit it.
3. Open up NetInfo Manager (leave it in the foreground)
4. Open up Terminal.app from the *RECENT ITEMS* list in the Apple Menu.

You will now see a terminal logged in as root shown with the # prompt, this is because the application NetInfo Manager has root privileges and told to be executed by the user with the systems allowance. There is a misinterpretation of which user is logged in because a root privileged program is running, thus by opening the Terminal.app from the recent items you are brought to a root prompt.

Picture this: You walk through security with a secret agent, the officer does a ID check to see if the agent have high enough status to carry a weapon, he lets you and the agent in with the understanding that only the agent can carry or use the weapon. Once you are in you take the weapon from the agent, you do this because the person associated with you have the rights, suddenly you have more power. You shouldn't because the access was given to the one agent.

Apple should and will with the next update disable the security risk of gaining root privileges from other programs. Bookmark this page to see updates and user responses.

NetInfo Manager is just one of the setuid applications on Mac OS X to find all files with setuid permissions execute this command:
sudo find / -perm -4000 -user root -print | more

Discussion + Fixes:
FIX! Apple has released a fix for this security issue, to fix the vulnerability simply launch Apple's Software Update utility and start the download or download the fixes file here . Once download is complete and update is finished you must restart for changes to take effect. This wil fix the security issue discussed within this document.

It is said that this apparently is the case with all setuid root applications... Not good.... Submitted by Eric.C

You can temporarily patch this problem by going into a command shell and change the permissions of the Setuid applications so that only root account and admin group have privileges to execute the program. Do this by using the sudo command and chmod 770 setuid.app. This takes away all privileges to any user that isn't root or admin. - will@pnl

Another user suggests keeping the password protected screensaver activated when away from the computer, this will help to stop users from accessing the computer yet fails to stop users with accounts from obtaining root privileges.

Submit your comments below.




Enter Email Address:

Enter your message:


Select Either of These Two Buttons





Security + OS
DiskLock
PowerBook Security Control Panel
Empower Pro
FileGuard
FreeGuard
FoolProof
Deus Lock Master
OnGuard
Keys Off
LockOut
MacOS Algorithm
Modem Security
Password Key
PGPuam
PPF
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro
Web-Confidential


Macintosh Viruses
Disinfectant
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security


Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
IPNetSentry
NetBarrier
Norton Personal Firewall

Mac Spyware & Privacy
Monitorer
NetShred - Delete Files Safely

Network Security
MacAnalysis
Oyabun Tools
WDTech RAE
ToolDaemon

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
NetBus
Outlook Express 4.5 Password Flaw
SubSeven
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
EnScript
FGP
FileTwister
ForgotIt?
GenPass
MacLockSmith
My-Privacy
My Secret
PGPi
PGPhone
PGP Personal
PGP Freeware
PowerCrypt-dev
Private File
Quick Encrypt
SubRosa Utilities
Tresor

Deleting Files
Eraser Pro
ShredIt

Backups

Apple Hardware

MacOS DoS
Mac Attack


All material (c) 2014 SecureMac.com and respected owners