Full Disclosure mailing list archives

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability

From: Jonathan Zdziarski <jonathan () nuclearelephant com>
Date: Thu, 19 May 2005 08:08:27 -0400


On May 19, 2005, at 2:36 AM, ph0enix wrote:

Date: May 19, 2005
Description: OSX 10.4 Dashboard Permits Hijacking of AuthenticatedCredentials
This issue is known since 2005-05-09 and OSVDB had an entry already:
http://www.osvdb.org/16499

This URL is for the widget injection issue, not the authenticatedcredentials hijacking issue. I already mentioned the Safari issue wasknown about.

Versions Affected:
OSX 10.4.0
OSX 10.4.1
10.4.1 doesn't seem to be vulnerable. Could you please show how doyou exploit this when the option in Safari is turned on?


widget.system("sudo id >> /tmp/out", null);

Jonathan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability, (continued)
- - - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Graham Reed (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ZATAZ.net (May 18)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
    - Content detection in html payload with snort ? Frederic Charpentier (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Message not available
  - Message not available
    - Message not available
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Ports used by trogens Brian Phillips (May 21)
  - Re: Ports used by trogens Who? (May 21)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)