Bugtraq mailing list archives
Re: MacOS X SoftwareUpdate Vulnerability
From: gabriel rosenkoetter <gr () eclipsed net>
Date: Fri, 12 Jul 2002 09:14:49 -0400
On Thu, Jul 11, 2002 at 09:31:27AM -0500, Corey J. Steele wrote:
What about modifying the search order of `lookupd` and telling it to use /etc/hosts and then using an entry in /etc/hosts to statically identify swquery.apple.com? Might be a viable work-around?
Then I arp flood your router and spoof the IP address. Updates must at least be checksummed and really ought to be cryptographically signed. Period. -- gabriel rosenkoetter gr () eclipsed net
Attachment:
_bin
Description:
Current thread:
- MacOS X SoftwareUpdate Vulnerability Russell Harding (Jul 07)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Kurt Seifried (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Corey J. Steele (Jul 11)
- Re: MacOS X SoftwareUpdate Vulnerability gabriel rosenkoetter (Jul 12)
- <Possible follow-ups>
- RE: MacOS X SoftwareUpdate Vulnerability jaehnel (Jul 13)
- RE: MacOS X SoftwareUpdate Vulnerability Hundley, Gordon - Princeton (Jul 15)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)