|
|
Oscar Wilde (1856-1900); Irish playwright, novelist.
- File overwrite in Mac OS X -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, 29 October 2003 - @stake has reported - at
www.atstake.com/research/advisories/2003/a102803-1.txt - that a
vulnerability has been discovered that affects the operating systems Mac OS
X 10.2.8 and earlier. This vulnerability is fixed in Mac OS X 10.3.
This security flaw occurs in systems running with core files enabled.
Through this vulnerability an attacker with interactive shell access could
overwrite files and read core files created by root processes. This could
result in the loss of confidential data.
Core file creation is disabled by default in Mac OS X, but if it is enabled,
root processes generate them in the /cores directory. The vulnerability lies
in the fact that everybody has write permissions to this directory and that
files are created under an easily predictable name. As a result, an attacker
could generate symbolic links in this directory that point to any other file
in the file system.
NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1) Bugbear.B; 2) Blaster; 3) Parite.B; 4) Gibe.C; 5)
Klez.I.
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
