Bugtraq mailing list archives
Re: Mac/At Ease/Netscape File Access Exploit
From: method () YIKES COM (Dan Fleisher)
Date: Tue, 20 May 1997 22:09:16 -0700
That's just the tip of the iceberg. Since the machine being attacked is 'netted' (obviously, else it wouldn't be running Netscape), there is lots more fun you can have with it. For example, given an email account somewhere you can use the 'mail url' feature to send yourself any file on the system, regardless of priviliges. A good file to send would be the 'At Ease Preferences' file which contains the master At Ease preferences. Once you have obtained this, cracking the password is trivial with a program such as DisEase, thus leading to a total comprimise. Meth method () yikes com On Tue, 20 May 1997, Nathan Dorfman wrote:
Please don't flame me for posting Mac stuff to a UNIX list I see NT crap here all the time, and thought some admins may think twice before running At Ease (or before running Macs in the first place). SYNOPSIS: At Ease apparently doesn't patch the kernel to introduce file restrictions, but modifies a library that programs call to display an Open File dialog box. IMPACT: This bug allows a user to read files and directories he shouldn't have access to under the At Ease system. DESCRIPTION: Under At Ease, files and folders that you shouldn't have access to are grayed out in Open File dialogs. Using a program like Netscape you can bypass the dialog, using a URL such as: file://TZHS%20HD%202/Documents/Dorfman%20Nathan Note that the implementation of Netscape used automatically converted spaces to %20 combinations as required by HTTP 1.1 (RFC 2068): file://TZHS HD 2/Documents/Dorfman Nathan/ Will show the contents of that folder. For non-text files, you can simply save the file into a folder you DO have access to and use the appropriate program to open it. EXTRA NOTES: Netscape will not let you modify the folders but a simple program can be written that takes a filename in a text-box and opens the file from its location, without copying. If you can write Mac code, and are willing to, please send to nathan () senate org.
Current thread:
- Mac/At Ease/Netscape File Access Exploit Nathan Dorfman (May 20)
- Re: Mac/At Ease/Netscape File Access Exploit Dan Fleisher (May 20)
- Re: Mac/At Ease/Netscape File Access Exploit Paul Melson (May 21)
- Re: Mac/At Ease/Netscape File Access Exploit Dan Fleisher (May 20)