[Tfug] Root exploit for Mac OS X
Angus Scott-Fleming
angussf at geoapps.com
Fri Jun 20 07:21:33 MST 2008
'Tain't FOSS but it's often discussed here. Just came across this little gem:
------- Included Stuff Follows -------
Root exploit for Mac OS X
A vulnerability in Mac OS X 10.4 and 10.5 makes it easy for potential
attackers to obtain root rights to a system. The ARDAgent - Apple Remote
Desktop - part of Remote Management has the SUID bit set. ARDAgent is able
to run AppleScript with root rights and these, in turn, may contain shell
commands - all without requiring a password.
To demonstrate the problem as a standard user or guest on a computer, type
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; into the
console. Physical access to a system is not required for an attack to be
successful. In principle, the exploit will also work remotely, say on a
server on which a user has a restricted account with SSH access.
--------- Included Stuff Ends ---------
More details and links here:
http://www.heise-online.co.uk/security/Root-exploit-for-Mac-OS-X--/news/110968
More information about the tfug
mailing list