Bugtraq mailing list archives
Mac OS X Cocktail 3.5.4 admin password disclosure
From: "sonderling" <sonderling () hushmail com>
Date: Fri, 29 Apr 2005 11:48:15 -0700
Application: Mac OS X Cocktail Version: 3.5.4 and probably below URL: www.macosxcocktail.com Vulnerability: admin password disclosure ======================================================= Vendor's description: "Cocktail is a general purpose utility for Mac OS X. The application serves up a scrumptious mix of maintenance tools and interface tweaks, all accessible via a comprehensive graphical interface and toolset. It is a smooth and powerful utility that simplifies the use of advanced UNIX functions." The problem: Since Cocktail needs administrative privileges the user is prompted for the admin password upon startup. The actual maintenance is done by command line utilities that are executed in an insecure manner: Cocktail creates a new process and lets /bin/sh pipe the admin password using echo into sudo, which then will execute the utility, like this: sh -c echo 'PASSWORD' | sudo -p "" -S sudo update_prebinding -root / Exploitation: Knowing Cocktail is waiting for some Unix utility to have finished its work, just execute "ps ax" on the terminal and search for the password. The vendor has been contacted; the new version 3.6 for Mac OS X "Tiger" should have been fixed. I haven't tested this version, though. Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
Current thread:
- Mac OS X Cocktail 3.5.4 admin password disclosure sonderling (Apr 29)