Upgrade 10.4.9 hackintosh?


jim2

4 posts in this topic


That simply means "Require a password to wake from screen saver" may not work. What a big deal...

 

"The eleventh vulnerability exists in the Login Window when handling the "require a password to wake the computer from sleep" preference, which could be exploited by malicious users to bypass the screen saver authentication dialog."


http://projects.info-pull.com/moab/MOAB-22-01-2007.html

 

Basically, this vulnerability makes every "denial of service issue" leading to a so-called 'crash' usable for escalating privileges. Elevating to root from wheel is as simple as replacing the installAssistant binary with a setuid(0) shell wrapper and running diskutil to "repair" the permissions, setting the setuid bit back. diskutil requires the user to have admin group privileges, but due to the fact that it's being executed in the context of the InputManager (which, again, runs with wheel privileges) the issue can be successfully exploited by fully unprivileged users

http://docs.info.apple.com/article.html?artnum=61798

LoginWindow

CVE-ID: CVE-2006-4397

Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7

Impact: After an unsuccessful attempt to log in to a network account, Kerberos tickets may be accessible to other local users

Description: Due to an unchecked error condition, Kerberos tickets may not be properly destroyed after unsuccessfully attempting to log in to a network account via loginwindow. This could result in unauthorized access by other local users to a previous user's Kerberos tickets. This update addresses the issue by clearing the credentials cache after failed logins. This issue does not affect systems prior to Mac OS X v10.4. Credit to Patrick Gallagher of Digital Peaks Corporation for reporting this issue.

LoginWindow

CVE-ID: CVE-2006-4393

Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7

Impact: Kerberos tickets may be accessible to other local users if Fast User Switching is enabled

Description: An error in the handling of Fast User Switching may allow a local user to gain access to the Kerberos tickets of other local users. Fast User Switching has been updated to prevent this situation. This issue does not affect systems prior to Mac OS X v10.4. Credit to Ragnar Sundblad of the Royal Institute of Technology, Stockholm, Sweden for reporting this issue.

LoginWindow

CVE-ID: CVE-2006-4394

Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7

Impact: Network accounts may be able to bypass loginwindow service access controls

Description: Service access controls can be used to restrict which users are allowed to log in to a system via loginwindow. A logic error in loginwindow allows network accounts without GUIDs to bypass service access controls. This issue only affects systems that have been configured to use service access controls for loginwindow and to allow network accounts to authenticate users without a GUID. The issue has been resolved by properly handling service access controls in loginwindow. This issue does not affect systems prior to Mac OS X v10.4.


kb29272, kb29270......

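The MOAB text quoted in the post above depends on a setuid binary that someone other than root can replace before a permissions repair restores the setuid bit. As an added example (not part of the thread or of either advisory), this Python audit lists setuid files whose content a non-owner could replace; that the replacement happens through group or world write access to the file or its directory is an assumption, since the quoted text only says wheel privileges are enough.

```python
import os
import stat
import sys

def replaceable_by(st_mode, parent_mode):
    """Reasons a non-owner could replace a setuid file (empty list if none)."""
    if not (stat.S_ISREG(st_mode) and st_mode & stat.S_ISUID):
        return []
    reasons = []
    if st_mode & stat.S_IWGRP:
        reasons.append("file group-writable")
    if st_mode & stat.S_IWOTH:
        reasons.append("file world-writable")
    # A writable directory allows unlink + recreate unless it is sticky.
    if not parent_mode & stat.S_ISVTX:
        if parent_mode & stat.S_IWGRP:
            reasons.append("dir group-writable")
        if parent_mode & stat.S_IWOTH:
            reasons.append("dir world-writable")
    return sorted(reasons)

def audit(root):
    """Walk root; return (path, uid, gid, reasons) for each risky setuid file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        try:
            parent_mode = os.lstat(dirpath).st_mode
        except OSError:
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            reasons = replaceable_by(st.st_mode, parent_mode)
            if reasons:
                findings.append((path, st.st_uid, st.st_gid, reasons))
    return findings

if __name__ == "__main__":
    # Default root is an assumption; pass the tree to audit as argv[1].
    for path, uid, gid, why in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{path} uid={uid} gid={gid}: {', '.join(why)}")
```

Any finding owned by uid 0 is a file where a permissions repair that reapplies the recorded mode would hand root's setuid bit to whatever content the writable group last put there.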

The bug exists in 10.4.8 and needs to be done on console, but if you get someone that close, it's easy just to power off and on to single user mode. For other bugs that can be exploited via network, all of them require a local account in the first place. I still can't see anything close to DoS or a major risk on a workstation.
