jim2 Posted April 25, 2007

Upgrade a hackintosh to 10.4.9? It's idiotic. The loginwindow patch is from build 10.4.4 for all hackintoshes; all loginwindows have a big security bug, very big.

exploit loginwindows mac osx
http://www.google.es/search?hl=es&q=ex...oogle&meta=
http://www.frsirt.com/english/advisories/2007/1470

Upgrading a hackintosh is idiotic; you have a hackintosh gruyere.
macbrush Posted April 25, 2007

That simply means "Require a password to wake from screen saver" may not work. What a big deal...

"The eleventh vulnerability exists in the Login Window when handling the "require a password to wake the computer from sleep" preference, which could be exploited by malicious users to bypass the screen saver authentication dialog."
jim2 Posted April 25, 2007

http://projects.info-pull.com/moab/MOAB-22-01-2007.html

Basically, this vulnerability makes every "denial of service issue" leading to a so-called 'crash' usable for escalating privileges. Elevating to root from wheel is as simple as replacing the installAssistant binary with a setuid(0) shell wrapper and running diskutil to "repair" the permissions, setting the setuid bit back. diskutil requires the user to have admin group privileges, but due to the fact that it's being executed in the context of the InputManager (which, again, runs with wheel privileges) the issue can be successfully exploited by fully unprivileged users

http://docs.info.apple.com/article.html?artnum=61798

LoginWindow
CVE-ID: CVE-2006-4397
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: After an unsuccessful attempt to log in to a network account, Kerberos tickets may be accessible to other local users
Description: Due to an unchecked error condition, Kerberos tickets may not be properly destroyed after unsuccessfully attempting to log in to a network account via loginwindow. This could result in unauthorized access by other local users to a previous user's Kerberos tickets. This update addresses the issue by clearing the credentials cache after failed logins. This issue does not affect systems prior to Mac OS X v10.4. Credit to Patrick Gallagher of Digital Peaks Corporation for reporting this issue.

LoginWindow
CVE-ID: CVE-2006-4393
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Kerberos tickets may be accessible to other local users if Fast User Switching is enabled
Description: An error in the handling of Fast User Switching may allow a local user to gain access to the Kerberos tickets of other local users. Fast User Switching has been updated to prevent this situation. This issue does not affect systems prior to Mac OS X v10.4. Credit to Ragnar Sundblad of the Royal Institute of Technology, Stockholm, Sweden for reporting this issue.

LoginWindow
CVE-ID: CVE-2006-4394
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Network accounts may be able to bypass loginwindow service access controls
Description: Service access controls can be used to restrict which users are allowed to log in to a system via loginwindow. A logic error in loginwindow allows network accounts without GUIDs to bypass service access controls. This issue only affects systems that have been configured to use service access controls for loginwindow and to allow network accounts to authenticate users without a GUID. The issue has been resolved by properly handling service access controls in loginwindow. This issue does not affect systems prior to Mac OS X v10.4.

kb29272, kb29270......
macbrush Posted April 25, 2007

The bug that exists in 10.4.8 needs to be done on the console, but if you get someone that close, it's easy just to power off and on to single user mode.

For other bugs that can be exploited via network, all of them require a local account in the first place. I still can't see anything close to DoS or a major risk on a workstation.