Bugtraq mailing list archives
RE: Possible Issue with Netinfo and Mac OS X
From: Dixie Flatline <echo8 () gh0st net>
Date: Mon, 3 Sep 2001 08:57:26 -0300
I have kept quiet about this to this point because I have not contacted Apple, or given the vendor any opportunity to respond, but if this discussion is going to be held in public, I think the following points are worthy of discussion: * /usr/bin/nireport can be run by any user and can pull essentially the same information (including cyphertext passwords and password hints). * /usr/bin/nidump can be used for pretty much the same thing. Either of these can be run by any user, regardless of whether or not that user exists in the sudoers file (which is to say whether or not that user is allowed to "admin" the box). * The netinfo GUI (/Applications/Utilities/NetInfo Manager.app/Contents/MacOS/NetInfo Manager) is suid to root and will give out this information without requiring authentication. My system is running 10.0.4 (build 4Q12) with the Web Sharing update installed. echo8
Current thread:
- Possible Issue with Netinfo and Mac OS X Benjamin Gardiner (Sep 02)
- Re: Possible Issue with Netinfo and Mac OS X Ethan Benson (Sep 03)
- Re: Possible Issue with Netinfo and Mac OS X Matthew Seaman (Sep 03)
- Re: Possible Issue with Netinfo and Mac OS X Marukka (Sep 03)
- Re: Possible Issue with Netinfo and Mac OS X Marc Liyanage (Sep 03)
- Re: Possible Issue with Netinfo and Mac OS X kang (Sep 03)
- <Possible follow-ups>
- RE: Possible Issue with Netinfo and Mac OS X Dixie Flatline (Sep 03)
- Re: Possible Issue with Netinfo and Mac OS X Stuart Moore (Sep 03)
- Re: Possible Issue with Netinfo and Mac OS X Ethan Benson (Sep 03)