Date: Sat, 21 Jul 2007 08:23:45 +0000
From: "Jason Coombs" <jasonc@...ence.org>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Cc: bugtraq@...urityfocus.com, dm@...urityfocus.com
Subject: Russell Harding MacOS X SoftwareUpdate
	Vulnerability Advisory Missing In Action in Bugtraq Archive

Dear Symantec,

As long as we're burning digital books to mitigate our civil liability, 
perhaps we could do a good job of it next time? Quietly disappearing 
Russell Harding's advisory from the BugTraq archive didn't resolve your 
potential liability for distributing links to material that violates the 
DMCA. Perhaps you have failed to notice the various other locations 
where you still publish this illicit material, including the exploit?

active page:
http://www.securityfocus.com/bid/5176

exploit hosted by Symantec:
http://www.securityfocus.com/data/vulnerabilities/exploits/PhantomUpdate-0.7.tgz.tar

disappeared:
http://www.securityfocus.com/archive/1/280964

archive.org:
http://web.archive.org/web/20030606200331/http://www.securityfocus.com/archive/1/280964

exploit home page:
http://www.cunap.com/~hardingr/projects/osx/exploit.html

Apple disinformation:
http://docs.info.apple.com/article.html?artnum=75304
https://depot.info.apple.com/security7-18/


To: BugTraq
Subject: MacOS X SoftwareUpdate Vulnerability
Date: Jul 7 2002 4:21AM
Author: Russell Harding <hardingr@...ub.colorado.edu>

----------------------------------------------------------------------------
                     MacOS X SoftwareUpdate Vulnerability.
----------------------------------------------------------------------------

Date:      July 6, 2002
Version:   MacOS 10.1.X and possibly 10.0.X
Problem:   MacOS X SoftwareUpdate connects to the SoftwareUpdate Server via
            HTTP with no authentication, leaving it vulnerable to attack.

----------------------------------------------------------------------------

          http://www.cunap.com/~hardingr/projects/osx/exploit.html

----------------------------------------------------------------------------

Summary:

Mac OS X includes a software updating mechanism "SoftwareUpdate". Software
update, when configured by default, checks weekly for new updates from
Apple.  HTTP is used with absolutely no authentication. Using well-known
techniques, such as DNS Spoofing or DNS Cache Poisoning, it is trivial to
trick a user into installing a malicious program posing as an update from
Apple.


Impact:

Apple frequently releases updates, which are all installed as root.
Exploiting this vulnerability can lead to root compromise on affected
systems. These are known to include Mac OS 10.1.X and possibly 10.0.X.


Solution/Patch/Workaround:

There is currently no patch available. Hopefully the release of this
information will convince Apple they need, at the very least, some basic
authentication in SoftwareUpdate.


Exploit:  http://www.cunap.com/~hardingr/projects/osx/exploit.html

An exploit for this vulnerability has been released to the public for
testing purposes.  It is distributed as a Mac OS X package which includes
DNS and ARP spoofing software. Also, it includes the CGI scripts and
Apache configuration files required to impersonate the Apple
SoftwareUpdatesServer.


Credits:

Author  -  Russell Harding - hardingr@...ap.com
Testing -  Spectre Phlux, KrazyC, Devon, and The Wench


Want to link to this message? Use this URL: 
<http://www.securityfocus.com/archive/1/280964>


Sent from my Verizon Wireless BlackBerry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
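
The advisory's finding is that SoftwareUpdate trusted whichever host answered its HTTP request. As an added example (not part of the original message or advisory), the sketch below shows a client that accepts a package only when a catalog signed by a pinned key lists its digest. The catalog format, file name, function names and the toy RSA key are constructed for illustration; the RSA check is written out with the standard library only so the block runs without dependencies, where production code would call a vetted signature library.

```python
import hashlib

# Constructed toy key, demo only: both primes are public Mersenne primes, so
# it is trivially factorable. A real updater pins the vendor's real public key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor-side secret, never shipped to clients
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(data: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(catalog: bytes) -> int:
    """Vendor side (hypothetical): sign the update catalog offline."""
    return pow(encode(catalog), D, N)

def verify_update(catalog: bytes, sig: int, package: bytes) -> bool:
    """Client side: trust the pinned key (N, E), not the server that answered."""
    # Compare against a freshly built encoding instead of parsing the padding.
    if not 0 < sig < N or pow(sig, E, N) != encode(catalog):
        return False
    listed = {ln.split()[0] for ln in catalog.decode().splitlines() if ln.strip()}
    return hashlib.sha256(package).hexdigest() in listed

def catalog_for(package: bytes, name: str) -> bytes:
    """Constructed catalog format: '<sha256 hex>  <file name>' per line."""
    return f"{hashlib.sha256(package).hexdigest()}  {name}\n".encode()

def demo() -> dict:
    genuine = b"constructed genuine update payload"
    spoofed = b"constructed payload served by an impersonating host"
    catalog = catalog_for(genuine, "Update.pkg")
    sig = vendor_sign(catalog)
    forged_catalog = catalog_for(spoofed, "Update.pkg")
    return {
        "genuine": verify_update(catalog, sig, genuine),
        "swapped_package": verify_update(catalog, sig, spoofed),
        "swapped_catalog": verify_update(forged_catalog, sig, spoofed),
    }

if __name__ == "__main__":
    print(demo())
```

Both substitution cases fail because the signature binds the catalog and the catalog binds the package digest, so neither DNS nor transport has to be trusted.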
