Mr. Gone
Posted March 6, 2006 (edited)

Mac OS X hacked under 30 minutes

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia.

...

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.

Apple disciples, rewrite your sermons. Still, Apple's got the prettiest housings.

Jim Dye
Posted March 6, 2006

The person running the server let anyone SSH in and set up their own user account. They probably exploited this:

Directory Services
CVE-ID: CVE-2005-2713, CVE-2005-2714
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Malicious local users may create and manipulate files as root
Description: The passwd program is vulnerable to temporary file attacks. This could lead to privilege elevation. This update addresses the issue by anticipating a hostile environment and by creating temporary files securely. Credit to Ilja van Sprundel of Suresec LTD, vade79, and iDefense (idefense.com) for reporting this issue.

It was patched with a security update last week.
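
The advisory quoted above describes a temporary file attack fixed by "creating temporary files securely". The following is an added illustration of that general class and its fix, not part of the thread and not Apple's passwd code; the file names and the helpers `open_tmp_weak`, `open_tmp_excl`, `file_size` and `demo` are hypothetical, and everything runs inside a private scratch directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, and open() follows a link already planted there. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: succeed only if this call creates the file; never follow a link. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
long file_size(const char *path) {           /* size in bytes, -1 on error */
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}
/* Constructed scenario inside a private scratch directory. Returns -1 on setup
   failure, else bit 0 = weak open truncated the link target,
   bit 1 = hardened open refused with EEXIST. */
int demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], tmp[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(tmp, sizeof tmp, "%s/passwd.tmp", dir);
    fd = open_tmp_excl(target);               /* stands in for a root-owned file */
    if (fd < 0 || write(fd, "original\n", 9) != 9) return -1;
    close(fd);
    if (symlink(target, tmp) != 0) return -1; /* link waiting at the temp name */
    fd = open_tmp_weak(tmp);                  /* O_TRUNC lands on the target */
    if (fd >= 0) close(fd);
    if (file_size(target) == 0) result |= 1;
    errno = 0;
    fd = open_tmp_excl(tmp);                  /* name already taken: refused */
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    unlink(tmp); unlink(target); rmdir(dir);
    return result;
}
int main(void) {
    printf("demo() = %d\n", demo());
    return 0;
}
```

mkstemp(3) gives the same exclusive-create guarantee and also picks an unpredictable name, which is one common way to create temporary files securely in a privileged program.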