Bugtraq mailing list archives
Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
From: Vade 79 <v9 () fakehalo deadpig org>
Date: 18 Feb 2005 05:18:44 -0000
In-Reply-To: <DBA4F9D89F7DD54DB5E33F41D90DD3E003277F3A () shq-exu1 netsec net>
VULNERABILITY DETAILS Name: Multiple Vulnerabilities Resulting From Use Of Apple
OSX
HFS+=20 Impact: HIGH Platform: Apple OS X (Darwin) <=3D 10.2 Method: Possible unauthorized access to file system data Identifier: 07012005-01
After reading your advisory I do agree it is a security issue, and is certainly worthy of reporting/posting. However a HIGH impact? I just don't see it; at most they can read CGI scripts, and most of the time they can't even do that. For example, I tested it on my OSX Apache server and my (perl) scripts were forbidden to read by default using the method mentioned("/path/to/file/..namedfork/data"). Sorry if this seems like a rant.
Current thread:
- Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ Vade 79 (Feb 17)