SecureMac.com
About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Advertising
Security Consulting
Employment/Jobs
Feedback Form

SecureMac Software
PrivacyScan

 

Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
SAINT
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing


Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
LittleSecrets
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry
Apple.com Security Resources
Marketing Macintosh Security Programs

Below is the whole article from c't
Please note, this exploit is not automaticly turned on by default. The user needs to chmod the test-cgi to run publicly. So unless you have changed it, you should be fine. Read on for more information.

c't 13/99, page 186 - Translation by Gerald Himmelein


Jürgen Schmidt, Stephan Ehrmann

CGI Causes MacOS X Server To Panic

A fatal bug in MacOS X Server renders Apple's new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS Server X release 1.0 in one of its key features.

During a server load test at c't Labs, the Apache web server built into the OS caused the machine to halt with a fatal "System Panic" error following successive CGI script queries.

CGI scripts (Common Gateway Interface) are a common server extension, frequently used for web queries. The test stopped the system cold whenever 32 or more processes repeatedly requested CGI scripts from the server -- this corresponds to the activity usually caused by several hundred surfers. It was always necessary to do a hard reboot via the reset switch. Neither the restart feature ("press R to Reboot") nor the low-level debugger ("press M to Monitor") built into MacOS X would work at this point.

It doesn't matter whether the processes are started locally or by an user request through the Web. Every owner of MacOS X Server can reproduce this problem -- even without connecting the machine to the Internet.

c't editor Jürgen Schmidt has written a shell script (CGI Panic) which will launch the Apache Benchmark ("ab") built into the server and crash the machine after 32 successive calls. Similar applications such as WebBench should cause the same reaction. The exploit offers crackers an easy way to sabotage servers: They can repeatedly call a CGI script and thereby paralyze every web site operating under MacOS X Server.

The fact that Apache can single-handedly crash the entire system puts Apple's implementation of the Unix system in question. Even with 512 or 1024 processes processed in parallel, the server should at worst slow down or issue error messages. The problem might be caused by an error in the MacOS X Mach Kernel which is triggered by a large number of simultaneous processes. It might not be limited to CGI scripts.

Apple employees were able to reproduce the crash after being contacted by c't magazine. As long as there is no patch for the problem, MacOS X server administrators should deactivate the execution of CGI scripts. (se)



Enter Email Address:

Enter your message:


Select Either of These Two Buttons





Security + OS
DiskLock
PowerBook Security Control Panel
Empower Pro
FileGuard
FreeGuard
FoolProof
Deus Lock Master
OnGuard
Keys Off
LockOut
MacOS Algorithm
Modem Security
Password Key
PGPuam
PPF
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro
Web-Confidential


Macintosh Viruses
Disinfectant
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security


Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
IPNetSentry
NetBarrier
Norton Personal Firewall

Mac Spyware & Privacy
Monitorer
NetShred - Delete Files Safely

Network Security
MacAnalysis
Oyabun Tools
WDTech RAE
ToolDaemon

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
NetBus
Outlook Express 4.5 Password Flaw
SubSeven
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
EnScript
FGP
FileTwister
ForgotIt?
GenPass
MacLockSmith
My-Privacy
My Secret
PGPi
PGPhone
PGP Personal
PGP Freeware
PowerCrypt-dev
Private File
Quick Encrypt
SubRosa Utilities
Tresor

Deleting Files
Eraser Pro
ShredIt

Backups

Apple Hardware

MacOS DoS
Mac Attack


All material (c) 2014 SecureMac.com and respected owners