Penetration Testing mailing list archives
RE: Apple pentesting
From: "Altheide, Cory B. (IARC)" <AltheideC () nv doe gov>
Date: Tue, 5 Apr 2005 12:14:08 -0700
-----Original Message-----
From: Todd Towles [mailto:toddtowles () brookshires com]
Sent: Tuesday, April 05, 2005 11:59 AM
To: Altheide, Cory B. (IARC)
Cc: pen-test () securityfocus com
Subject: RE: Apple pentesting

And I ask you where is the exploit information? What is the vulnerability? Do exploits exist? Can you test if you are vulnerable? This is a site that lists patches..not the same thing. Interesting that you think they are the same. Apple doesn't follow Full-Disclosure, that was my point. I didn't mean they don't patch...

Please try *very hard* to comprehend what I am writing. You said:

"the problem with testing Macs is they never released vulnerability statements..never. If a hole is found, Apple releases a patch and no one says anything."

This is *FALSE*. To rebut your current misconceptions (at least the ones applicable to this discussion):

"What is the vulnerability?"

Clicking on the most recent security update link, located here:

http://docs.info.apple.com/article.html?artnum=301061

Gives us useful information, like CVE-IDs. Do you know what a CVE number is used for? Example entry:

  * AFP Server
  Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
  CVE-ID: CAN-2005-0340
  Impact: A specially crafted packet can cause a Denial of Service against the AFP Server.
  Description: A specially crafted packet will terminate the operation of the AFP Server due to an incorrect memory reference. Credit to Braden Thomas for reporting this issue.

Now, we take this CVE number, look it up at http://cve.mitre.org, and we get the following:

  Name: CAN-2005-0340 (under review)
  Description: Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.
  References:
  * BUGTRAQ:20050208 AppleFileServer Denial of Service.
  * URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110791369419784&w=2
  * APPLE:APPLE-SA-2005-03-21
  * URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

If you are too obtuse to harvest this information you have no business dealing with information (let alone the security thereof).

My favorite is this question, though:

"And I ask you where is the exploit information?"

LOL. That's adorable. ZOMG the vendor doesn't link to exploit code OB-FU! Do any vendors (intentionally) provide explicit information on how to exploit the very code they vend?

Before you send another email, I ask that you strap on a clue-bag, chew on it for a while, really /digest/ the clue, then fire up that mail client. It'll be a good thing.

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec () nv doe gov

"I have taken all knowledge to be my province." -- Francis Bacon

PS Don't top-post.
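
The lookup walked through in the message above (advisory entry, then CVE-ID, then the CVE record), as an added example that is not part of the original post: a small parser that turns an advisory entry into fields, normalises the candidate identifier, and checks an OS version against the affected list. The function names and the line layout of the sample text are assumptions; the entry text is the one quoted in the message.

```python
import re

# Entry text as quoted in the message above; the line breaks are assumed.
ADVISORY = """\
* AFP Server
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0340
Impact: A specially crafted packet can cause a Denial of Service against the AFP Server.
Description: A specially crafted packet will terminate the operation of the
AFP Server due to an incorrect memory reference.
"""

FIELD = re.compile(r"^(Available for|CVE-ID|Impact|Description):\s*(.*)$")
# CAN- marked a candidate entry; the same number is later written with CVE-.
CVE_ID = re.compile(r"\b(?:CAN|CVE)-(\d{4})-(\d{4,})\b")


def parse_entries(text):
    """Split advisory text into one dict per '* Component' entry."""
    entries, current, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("* "):
            current = {"component": line[2:].strip()}
            entries.append(current)
            last = None
        elif current is not None and line:
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                current[last] = m.group(2)
            elif last:
                # A wrapped line continues the previous field.
                current[last] += " " + line
    return entries


def cve_ids(entry):
    """Return the entry's identifiers in normalised CVE-YYYY-NNNN form."""
    return ["CVE-%s-%s" % m.groups()
            for m in CVE_ID.finditer(entry.get("CVE-ID", ""))]


def affected(entry, version):
    """True if `version` is listed exactly in the 'Available for' field."""
    listed = [p.strip() for p in entry.get("Available for", "").split(",")]
    return version in listed
```
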