Mac OS X Security Issue – Screensaver Security Issue/Hack

Security Issue: Mac OS X Screensaver Password Protection Bug

Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA

Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump, so that the user is not required to enter a legitimate username and password.

When password protection is enabled on the Mac OS X screensaver, users are required to authenticate before leaving the screensaver to regain access to the desktop. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly …

July 7, 2003 • 1 min read
Mac OS X Security Issue – TruBlueEnvironment Privilege Escalation Attack

Unpatched computers running Mac OS X prior to 10.2.4 contain a vulnerability in TruBlueEnvironment that can be exploited to create files that run with elevated privileges. Included is the security advisory covering the issue, discovered by @Stake’s Dave.

Those unable to update can restrict the vulnerable file to the admin group:

sudo chown .admin /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment

sudo chmod 4750 /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment

Security Advisory

Advisory Name: TruBlueEnvironment Privilege Escalation Attack
Release Date: 02/14/2003
Application: TruBlueEnvironment
Platform: MacOS X (10.2.3 and below)
Severity: Local users can gain root privileges
Author: Dave G.
Vendor …

February 11, 2003 • 3 min read
SoftwareUpdate DNS Spoof, Poisoning Exploit

Resolution

The issue described below was addressed and resolved by Apple on July 12th 2002 by adding checksums to downloads. Update to the current version of Mac OS X via Software Update or visit AppleCare Document 75304.

Information

Anonymous writes “I have recently been forwarded a mail from a reliable source which highlights a possible security issue with Software Update. I have not tested it myself, but both the source of the mail and the person who forwarded it are reliable and have always helped me to keep up to date with a …

July 6, 2002 • 2 min read
Cisco VPN UNIX Mac OS X Client Security Issue

About Cisco VPN Client

The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect to a corporate network via a public, possibly untrusted network.

Information

Cisco’s VPN Client for Mac OS X, Linux and Solaris contains a security vulnerability that can be exploited to gain administrative privileges. The Virtual Private Network (VPN) client allows non-Windows platforms to function over a …

June 4, 2002 • 4 min read
Mac OS X root sliplogin permission error leads to root

Published: 5.07.2002
Fixed: Mac OS X 10.1.4
Affected OS: Mac OS X 10.1.3 and prior

Information

The problem lies in the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4, and is due to the permissions defined on it and a buffer overflow. A non-administrative user who overflows the program gains the permissions of the root user and can take control of the system. This issue has been taken care of in the 10.1.4 system security update; if you have not yet updated, do so now.

A Unix-style exploit for the Macintosh! This is …

May 7, 2002 • 2 min read
Mac OS X AppleShare Administrative access hack

Today it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users

I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4.

If a Mac OS X 10.1.4 box contains multiple user or administrator accounts, their home directories as well as access to some shared folders with permissions for only one specific account can be broken into via AppleShare.

The trick is simple. This can be done on any administrator account on …

May 4, 2002 • 2 min read
Mac OS X Server/ Client Sudo Local Root

The folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. If you are new to Mac OS X and the whole Unix environment, do not get frustrated: this article will enlighten you about sudo and what steps you need to take to fix the security issue.

The Flaw

Dubbed ‘RootX’ when this exploit is compiled, the program communicates with a sudo feature to give root to any admin under Mac OS X. Sudo means ‘do this command as …

February 7, 2002 • 4 min read
iDisk under Mac OS X 10.1 is significantly less secure…By Open Door Networks

Fix: Use the Software Update feature in Mac OS X to resolve the WebDAV security issues.

Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability

Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said that in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …

October 6, 2001 • 2 min read
Mac OS X Security Vulnerability setuid root applications leave root shell open for hackers

Operating System: Mac OS X
Version Affected: up to 10.1

Security Risk: High
Remote: No
Fixed: 10.20.2001 see below

About

Over the past few months Mac OS X has started to sprout security concerns, this being one of the first and most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in a specific order.

Mac OS X is already on computers of every sort, even after the administrator sets up multiple accounts with specific privileges keeping the user from …

October 2, 2001 • 3 min read
Mac OS X nidump Security Issues (macosx)

What is nidump?

nidump reads the specified NetInfo domain and dumps a portion of its contents to standard output. When a flat-file administration file format is specified, nidump provides output using the syntax of the corresponding flat file. The allowed values for format are aliases, bootparams, bootptab, exports, fstab, group, hosts, networks, passwd, printcap, protocols, rpc, and services.

If the -r option is used, the first argument is interpreted as a NetInfo directory path, and its contents are dumped in a generic NetInfo format.

July 5, 2001 • 2 min read
StaticUsers.net – AppleShare + NT Security Issues

Information:

This concerns Macs connected to NT servers using Service Pack 4. If a Mac changes its password when connected to NT SP4, from that point on, PCs can log into that user account with NO password (a null password.) – contributed by John Wolf

Views:

This can be a serious bug. It’s not well known, and when an AppleShare client is added, not many people think to check for security issues because, well, it’s APPLESHARE! This causes a problem on the network.

Reasonings and Technical How-SO

Snippet from MS99-004 advisory Issue

The Windows NT Security …

June 2, 2001 • 3 min read
OSX -CGI Flaw

A fatal bug in MacOS X Server renders Apple’s new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS X Server release 1.0 in one of its key features.

During a server load test at c’t Labs, the Apache web server built into the OS caused the machine to halt with a fatal “System Panic” error following successive CGI script queries.

CGI scripts (Common Gateway Interface) are a common server extension, frequently used for web queries. The test stopped the system cold whenever 32 …

June 2, 2001 • 2 min read