lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200304230538.h3N5c661031562@haackey.com>
From: neeko at haackey.com (Neeko Oni)
Subject: OS X DirectoryService attack {Updated}

Thanks to Patrick M McNeal and Subversive, we've got a clearer idea of the
factors involved in the DirectoryService OS X compromise.

Quoting out an off-list message with Mr. McNeal:

<snip>
 From our testing and some discussions we've had, only OS X server binds
to port 625:

> DirectoryService will only listen on that port if
>
> /Library/Preferences/DirectoryService/.DSTCPListening
>
> exists.
>
> This is not the default state (and I believe probably not supported)
> on Mac OS X client. On Mac OS X Server, however, most if not all of
> the graphical management depend on port 625 being open. I know for
> certain WorkGroup Manager authenticates over 625.

..
 From what I know, no one has been able to crash DirectoryServices on
the client machine.
</snip>

So it appears the distinction between binding/non-binding DirectoryService
processes is in the client/server and .DSTCPListening difference(s).
I know several people have contact me about asking for information about this
when it comes to me, and I hope this helps you guys out.  Thanks again to
those previously mentioned that have provided me with information.

.Neeko Oni

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ