Full Disclosure mailing list archives
Russell Harding MacOS X SoftwareUpdate Vulnerability Advisory Missing In Action in Bugtraq Archive
From: "Jason Coombs" <jasonc () science org>
Date: Sat, 21 Jul 2007 08:23:45 +0000
Dear Symantec,

As long as we're burning digital books to mitigate our civil liability, perhaps we could do a good job of it next time?

Quietly disappearing Russell Harding's advisory from the BugTraq archive didn't resolve your potential liability for distributing links to material that violates the DMCA.

Perhaps you have failed to notice the various other locations where you still publish this illicit material, including the exploit?

active page:
http://www.securityfocus.com/bid/5176

exploit hosted by Symantec:
http://www.securityfocus.com/data/vulnerabilities/exploits/PhantomUpdate-0.7.tgz.tar

disappeared:
http://www.securityfocus.com/archive/1/280964

archive.org:
http://web.archive.org/web/20030606200331/http://www.securityfocus.com/archive/1/280964

exploit home page:
http://www.cunap.com/~hardingr/projects/osx/exploit.html

apple disinformation:
http://docs.info.apple.com/article.html?artnum=75304
https://depot.info.apple.com/security7-18/

To: BugTraq
Subject: MacOS X SoftwareUpdate Vulnerability
Date: Jul 7 2002 4:21AM
Author: Russell Harding <hardingr () ucsub colorado edu>

----------------------------------------------------------------------------
MacOS X SoftwareUpdate Vulnerability.
----------------------------------------------------------------------------

Date: July 6, 2002
Version: MacOS 10.1.X and possibly 10.0.X
Problem: MacOS X SoftwareUpdate connects to the SoftwareUpdate Server via HTTP with no authentication, leaving it vulnerable to attack.

----------------------------------------------------------------------------
http://www.cunap.com/~hardingr/projects/osx/exploit.html
----------------------------------------------------------------------------

Summary:

Mac OS X includes a software updating mechanism "SoftwareUpdate". Software update, when configured by default, checks weekly for new updates from Apple. HTTP is used with absolutely no authentication. Using well known techniques, such as DNS Spoofing, or DNS Cache Poisoning it is trivial to trick a user into installing a malicious program posing as an update from Apple.

Impact:

Apple frequently releases updates, which are all installed as root. Exploiting this vulnerability can lead to root compromise on affected systems. These are known to include Mac OS 10.1.X and possibly 10.0.X.

Solution/Patch/Workaround:

There is currently no patch available. Hopefully the release of this information will convince Apple they need, at the very least, some basic authentication in SoftwareUpdate.

Exploit:

http://www.cunap.com/~hardingr/projects/osx/exploit.html

An exploit for this vulnerability has been released to the public for testing purposes. It is distributed as a Mac OS X package which includes DNS and ARP spoofing software. Also, it includes the cgi scripts, and apache configuration files required to impersonate the Apple SoftwareUpdatesServer.

Credits:

Author - Russell Harding - hardingr () cunap com
Testing - Spectre Phlux, KrazyC, Devon, and The Wench

Want to link to this message? Use this URL: <http://www.securityfocus.com/archive/1/280964>

Sent from my Verizon Wireless BlackBerry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
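The check whose absence the quoted advisory describes, as an added example that is not part of the original message, the advisory, or Apple's software: an update client that refuses to install unless the catalog is authenticated with a key pinned in the client and the package matches the digest in that catalog. The names, key and sample data are constructed, and HMAC-SHA256 is an assumed stand-in for a public-key signature.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for a public-key signature so the example
# runs on the standard library alone. A real updater pins the vendor's public
# key instead, so no client ever holds a signing secret.
PINNED_KEY = b"constructed-demo-key"


def sign_catalog(catalog: dict, key: bytes) -> str:
    """Vendor side: authenticate the canonical JSON form of the catalog."""
    body = json.dumps(catalog, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_update(catalog: dict, tag: str, package: bytes, name: str) -> bool:
    """Client side: return True only if catalog and package both check out."""
    expected = sign_catalog(catalog, PINNED_KEY)
    if not hmac.compare_digest(expected, tag):
        return False  # catalog was not produced by the holder of the pinned key
    listed = catalog.get("packages", {}).get(name)
    if listed is None:
        return False  # package is not named in the authenticated catalog
    actual = hashlib.sha256(package).hexdigest()
    return hmac.compare_digest(actual, listed)


# Constructed sample data: one genuine update and one impostor server response.
GENUINE_PKG = b"genuine update payload (constructed)"
CATALOG = {"packages": {"Update.pkg": hashlib.sha256(GENUINE_PKG).hexdigest()}}
CATALOG_TAG = sign_catalog(CATALOG, PINNED_KEY)

ROGUE_PKG = b"payload from an impostor server (constructed)"
ROGUE_CATALOG = {"packages": {"Update.pkg": hashlib.sha256(ROGUE_PKG).hexdigest()}}
ROGUE_TAG = sign_catalog(ROGUE_CATALOG, b"key-the-impostor-made-up")

if __name__ == "__main__":
    # Genuine catalog and package: accepted.
    print(verify_update(CATALOG, CATALOG_TAG, GENUINE_PKG, "Update.pkg"))
    # Self-consistent catalog from a redirected server: rejected at the tag check.
    print(verify_update(ROGUE_CATALOG, ROGUE_TAG, ROGUE_PKG, "Update.pkg"))
    # Genuine catalog replayed with a swapped package: rejected at the digest check.
    print(verify_update(CATALOG, CATALOG_TAG, ROGUE_PKG, "Update.pkg"))
```

Both checks have to pass before anything runs with root privileges; redirecting the client to another server changes neither the pinned key nor the digests the authenticated catalog lists.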