Re: TrueBasic/Mac Bug

[schlosser () NPL MED YALE EDU (Mike Schlosser)]

Are we discussing Mac stuff on BUQTRAQ now?

This "bug" is more prevalent then even this.  A program called Burn is
available all over the Internet. Burn will delete any file by writing 0s
over the file. It will do this regardless of At Ease, On Guard,
MacPrefect, file permissions etc. etc.  You can also manually enable the
shift command (to turn off all extensions at startup, including any
protection extensions) with a simple program. (I have an executable copy
if anyone wants one, but I don't have the code :( ) With extensions off
you can delete the on guard prefs or whatever to get full access.

Mac's are full of holes..

MindReader

> ----------
> From:  Xservo[SMTP:servo () GARBAGE BRIDGE NET]
> Sent:  Wednesday, May 21, 1997 6:31 AM
> To:    BUGTRAQ () NETSPACE ORG
> Subject:       TrueBasic/Mac Bug
>
> GARBAGENET EXPLOIT: SW-1 SOFTWARE
> ------------------------------
> Date: 1/23/97
> Author: servo () garbage bridge net
> System: MacOS
> Application: TrueBasic
>
>        A error has been found on any system running MacOS and any
> version of TrueBasic that includes the "unsave" command. The unsave
> command is used to erase or delete any file on the Macintosh HD. What this
> allows any user to do is erase ANY file even if behind security programs
> such as "On Guard" and "At Ease".
>
> IE:
>
> ! Begin Kiss Off v1.0 by Xservo <servo () garbage bridge net>
> !       NOTE: Replace "MacHD" with the name of your Macintosh Hard Disk
> !
> unsave "MacHD:System Folder:Control Panels:On Guard"
> end
> ! EOF
>
> This program will erase On Guard from the Macintosh Hard Drive named
> "MacHD". Such a exploit can also be acccomplished with the "OPEN" and
> "ERASE" commands.
>
>
>
>
> EOF SW-1
>
>
> ++
> Xservo <servo () garbage bridge net> {*} http://garbage.bridge.net
> KF4MKT <kf4mkt@n4hhp.#hwd.fl.ua.na> {*} Broward ARES & RACES Member
> Powered by RHS Linux 4.1 {*} PGP Key on request (and do use!)
> Send *EMERGENCY* Mail with Subject: EMETX