Bugtraq mailing list archives
Re: Mac/At Ease/Netscape File Access Exploit
From: melson () SCNC HOLT K12 MI US (Paul Melson)
Date: Wed, 21 May 1997 08:31:41 -0400
That's just the tip of the iceberg. Since the machine being attacked is 'netted' (obviously, else it wouldn't be running Netscape), there is lots more fun you can have with it. For example, given an email account somewhere you can use the 'mail url' feature to send yourself any file on the system, regardless of priviliges. A good file to send would be the 'At Ease Preferences' file which contains the master At Ease preferences. Once you have obtained this, cracking the password is trivial with a program such as DisEase, thus leading to a total comprimise. Meth method () yikes com
Yep, and it gets worse. If you use an AppleShare server (NetWare running APPLETLK.NLM or Linux running atalkd would also count) as At Ease's startup volume, then At Ease will automate the login process to the server. This is be nasty because whoever is logged in when At Ease is set up would automatically be logged in to the file server every time At Ease starts up thereafter. But it gets worse - the login information (ServerID, UserID, Password) is stored in the 'At Ease Preferences' file. This can be disabled from within the 'At Ease Setup (Workgroups)' utility by simply un-checking the box labeled 'Always remember the user's last-used AppleShare logins.' But since the default is to use the auto-login feature, I figured it was worth mentioning. FYI, disabling this feature doesn't remove the original copy of the AppleShare login information from the preferences file. Paul -- _____________________ melson () holt k12 mi us
Current thread:
- Mac/At Ease/Netscape File Access Exploit Nathan Dorfman (May 20)
- Re: Mac/At Ease/Netscape File Access Exploit Dan Fleisher (May 20)
- Re: Mac/At Ease/Netscape File Access Exploit Paul Melson (May 21)
- Re: Mac/At Ease/Netscape File Access Exploit Dan Fleisher (May 20)