CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 949
Comments: 28
block bottom
spacer spacer
image Patches/SP's: Panther Patches Mac OS X Security Holes image
Security Hole
Panther Patches Mac OS X Security Holes
By Dennis Fisher

Security researchers have identified two new vulnerabilities in Apple Computer Inc.'s Mac OS X, one of which may allow attackers to execute some arbitrary commands as a root user under some circumstances.

Both flaws affect all versions of the operating system through 10.2 and are fixed in release 10.3, also known as Panther, according to Apple.

The first vulnerability is a buffer overrun that allows an attacker to crash the OS X kernel simply by entering a command line argument of a specific length. Once the attack is executed, the machine crashes immediately, without generating any log files or error messages, according to an advisory on the issue released Tuesday by @stake Inc., based in Cambridge, Mass., which discovered both weaknesses. The crashed machine will reboot eventually.

However, an attacker can also use this vulnerability to get the machine to return small amounts of its memory to him. Researchers at @stake said it appears the only thing being returned to the attacker is memory addresses, which aren't normally considered to be sensitive information.

Although they were unable to use this flaw to run code on vulnerable machines, the @stake researchers said that it may be possible, given that the weakness lies in the OS X kernel itself.

The second new problem involves the way that the OS handles core files, which are a snapshot of the system's state when a machine crashes. When core files are enabled in OS X, processes owned by root will write a core file to the /cores directory. These files are owned by the root process, which would have read-only access to them. The attacker can also read the contents of the core files created by the root process.

But, because the directory is writable and the names of the files in it are predictable, an attacker could create symbolic links to these files and point them to files elsewhere on the system. In this way, he could essentially overwrite any of the core files. To do this, the attacker would need interactive shell access to the machine, @stake said.

However, the core files setting is disabled by default on OS X, according to Apple, based in Cupertino, Calif.

eWeek
Posted on Wednesday, 29 October 2003 @ 09:43:09 UTC by phoenix22 (1234 reads)
[ Trackback ]		image

"Patches/SP's: Panther Patches Mac OS X Security Holes" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· Linux Kernel Archives
· HotScripts
· Apple
· W3 Consortium
· More about Security Hole
· News by phoenix22

Most read story about Security Hole:
Windows Media Player, Spyware and Trojan
block bottom
Article Rating
spacer
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
174ppm 0.113s (0.006s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer