[Tfug] Root exploit for Mac OS X

Angus Scott-Fleming angussf at geoapps.com
Fri Jun 20 07:21:33 MST 2008


'Tain't FOSS but it's often discussed here.  Just came across this little gem:

------- Included Stuff Follows -------
Root exploit for Mac OS X

    A vulnerability in Mac OS X 10.4 and 10.5 makes it easy for potential 
    attackers to obtain root rights to a system. The ARDAgent - Apple Remote 
    Desktop - part of Remote Management has the SUID bit set. ARDAgent is able 
    to run AppleScript with root rights and these, in turn, may contain shell 
    commands - all without requiring a password.

    To demonstrate the problem as a standard user or guest on a computer, type 
    osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; into the 
    console. Physical access to a system is not required for an attack to be 
    successful. In principle, the exploit will also work remotely, say on a 
    server on which a user has a restricted account with SSH access.

--------- Included Stuff Ends ---------
More details and links here:
http://www.heise-online.co.uk/security/Root-exploit-for-Mac-OS-X--/news/110968
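
An added example, not part of the original post or the quoted article: a shell check that lists setuid executables inside application bundles, which is the condition the article describes for ARDAgent. The function names and the search-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit for setuid executables that live inside .app bundles.
# The search root is passed as an argument; no system path is hard-coded.

# Print "<owner-uid> <path>" for every regular file under $1 that has the
# setuid bit (mode 4000) set and sits below a bundle's Contents/MacOS directory.
suid_in_bundles() {
    root=${1:-/}
    find "$root" -type f -perm -4000 -path '*.app/Contents/MacOS/*' 2>/dev/null |
    while IFS= read -r f; do
        # ls -n prints the numeric owner in field 3 on both BSD and GNU ls.
        uid=$(ls -ldn "$f" | awk '{print $3}')
        printf '%s %s\n' "$uid" "$f"
    done
}

# Filter the list above down to root-owned entries (uid 0). These run with
# root rights regardless of which user starts them, so each one should be
# reviewed for ways it can be driven by an unprivileged caller.
suid_root_only() {
    awk '$1 == 0 { sub(/^0 /, ""); print }'
}

# Typical use (left commented out so that sourcing this file has no effect):
#   suid_in_bundles / | suid_root_only
```

Any root-owned hit that does not need elevated rights can have the bit cleared with `chmod u-s` on that file.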





