Mac OS XSecurity Issue: Mac OS X Screensaver Password Protection Bug
Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA
Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate username and password.
When enabling the password protection on the Mac OS X screensaver users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly …
July 7, 2003 •
1 min read
Mac OS XComputers running Mac OS X prior to 10.2.4 and unpatched contain a vulnerability that can be exploited to create files that can be run at elevated privileges because of the TruBlueEnvironment. Included is the security advisory covering the issue discovered by @Stake’s Dave.
For those unable to update they can change the permissions of the vulnerable files to the admin group.
sudo chown .admin /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment
sudo chmod 4750 /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment
Security Advisory
Advisory Name: TruBlueEnvironment Privilege Escalation Attack
Release Date: 02/14/2003
Application: TruBlueEnvironment
Platform: MacOS X (10.2.3 and below)
Severity: Local users can gain root privileges
Author: Dave G.
Vendor …
February 11, 2003 •
3 min read
Mac OS XResolution
The issue described below was addressed and take resolved by Apple July 12th 2002 by adding checksums to downloads. Update to current version of Mac OS X via the software updates or visit AppleCare Document 75304
Information
Anonymous writes “I have recently been forwarded a mail from a reliable source which highlights a possible security issue with Software Update. I have not tested it myself, but both the source of the mail and the person who forwarded it are reliable and have always helped me to keep up to date with a …
July 6, 2002 •
2 min read
Mac OS XAbout Cisco VPN Client
The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect to a corporate network via a public, possibly untrusted network.
Information
Cisco’s VPN Client for Mac OS X, Linux and Solaris contains a security vulnerability which results in administrative privileges via a exploit. The Virtual Private Network (VPN) client allows for the Non-Windows platform to function over a …
June 4, 2002 •
4 min read
Mac ClassicPublished: 5.07.2002
Fixed: Mac OS X 10.1.4
Effected OS:
Mac OS X 10.1.3 and prior)
Information
The problems lies within the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4 due to the permissions defined and a buffer overflow. The system can be taken control of if a non-administrative user were to overflow the program giving them permissions as a root user. This issue has been taken care of in 10.1.4 system security update, if you have not yet updated do so now.
A unix styled exploit for the Macintosh! This is …
May 7, 2002 •
2 min read
Mac ClassicToday it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users
I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4.
If a Mac OS X 10.1.4 box contains multiple user or administrator accounts, their home directories as well as access to some shared folders with permissions for only one specific account can be broken into via AppleShare.
The trick is simple. This can be done on any administrator account on …
May 4, 2002 •
2 min read
Mac OS XThe folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. For those of you new to Mac OS X and the whole Unix environment do not get frustrated, this article will enlighten you about sudo and what steps you need to talk to fix the security issue.
The Flaw
Dubbed ‘RootX’ when this exploit is compiled, the program communicates with a sudo feature to give root to any admin under Mac OS X. Sudo means ‘do this command as …
February 7, 2002 •
4 min read
Mac ClassicFix: Use the Software Update feature in Mac OS X to resolve the issues with WebDAV security issues.
Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability
Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …
October 6, 2001 •
2 min read
Mac ClassicOperating System: Max OS X Version Affected: up to 10.1
Security Risk: High
Remote: No
Fixed: 10.20.2001 see below
About
Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in specific order.
Mac OS X is already on computers in every sort of nature, even after the administrator sets up multiple accounts with specific privileges keeping the user from …
October 2, 2001 •
3 min read
Mac Tips
What is nidump?
nidump reads the specified NetInfo domain and dumps a por-
tion of its contents to standard output. When a flat-file
administration file format is specified, nidump provides
output using the syntax of the corresponding flat file.
The allowed values for format are aliases, bootparams,
bootptab, exports, fstab, group, hosts, networks, passwd,
printcap, protocols, rpc, and services.
If the -r option is used, the first argument is inter-
preted as a NetInfo directory path, and its contents are
dumped in a generic NetInfo format.
If the -r option is used, the first argument is inter-
preted as a NetInfo directory …
July 5, 2001 •
2 min read
AppleInformation:
This concerns Macs connected to NT servers using Service Pack 4. If a Mac changes its password when connected to NT SP4, from that point on, PCs can log into that user account with NO password (a null password.) – contributed by John Wolf
Views:
This can be a serious bug. Its not well known, and when an Appleshare Client is added, not many people think to check for security issues because, well, it’s APPLESHARE! This causes a problem on the network.
Reasonings and Technical How-SO
snip-it from ms99-004 advisory Issue
The Windows NT Security …
June 2, 2001 •
3 min read
Mac ClassicA fatal bug in MacOS X Server renders Apple’s new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS Server X release 1.0 in one of its key features.
During a server load test at c’t Labs, the Apache web server built into the OS caused the machine to halt with a fatal “System Panic” error following successive CGI script queries.
CGI scripts (Common Gateway Interface) are a common server extension, frequently used for web queries. The test stopped the system cold whenever 32 …
June 2, 2001 •
2 min read