| |
|
This page contains all of the posts and discussion on MemeStreams referencing the following web page: Remote root in Mac OS-X. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.
|
Remote root in Mac OS-X
by Acidus at 1:49 pm EDT, May 27, 2007 |
A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque. update: My name is Billy, and I am retarded. This is UPnP. Too much Book, not enough sleep. |
| |
RE: Remote root in Mac OS-X
by Abaddon at 5:35 pm EDT, May 27, 2007 |
Acidus wrote: A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque.
I don't fuzz and this was not DNS it was upnp, also interesting to note that the bug was fully remote, not local lan, still dont know why apple said it was local lan only... --Mike |
|
| | |
RE: Remote root in Mac OS-X
by flynn23 at 11:24 am EDT, May 28, 2007 |
Abaddon wrote: Acidus wrote: A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque.
I don't fuzz and this was not DNS it was upnp, also interesting to note that the bug was fully remote, not local lan, still dont know why apple said it was local lan only... --Mike
That service runs as root? It doesn't run as a jailed user? WTF??? |
|
| | | |
RE: Remote root in Mac OS-X
by Abaddon at 11:14 pm EDT, May 29, 2007 |
flynn23 wrote: Abaddon wrote: Acidus wrote: A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque.
I don't fuzz and this was not DNS it was upnp, also interesting to note that the bug was fully remote, not local lan, still dont know why apple said it was local lan only... --Mike
That service runs as root? It doesn't run as a jailed user? WTF???
nope, its like 1997 up in here ;)...the only thing they have is a non-executable stack, but with no ASLR that is totally useless, took me less than 2 minutes to work around that...I use apple products enough that little by little I'm hoping I can help to nudge their priorities towards implimenting some defense in depth on their platform, cause right now, from a security standpoint they are way behind MS... right now the only reason why apple isnt seen as being less secure than MS is because the user base is still small by comparison, but having a target that hackers are less likely to hack make a system secure the same way that costa-rica is a military power even though they have no army, just because no-one would think to invade... anyways in the mean time keep an eye out for more patches, cause securing apple is a new priority of mine... --Mike |
|
| |
RE: Remote root in Mac OS-X
by skullaria at 9:09 pm EDT, May 28, 2007 |
I got an email that this was no longer rated a hacker site. I log on and what do I see? Root Root Root.
W00T! LMAO |
|
Remote root in Mac OS-X
by Rattle at 4:22 pm EDT, May 27, 2007 |
A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque. |
|
|
