Full Disclosure mailing list archives
Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: ph0enix <ph0enix () justonemorething org>
Date: Thu, 19 May 2005 14:31:43 +0200
widget.system("sudo id >> /tmp/out", null);
ok, but this is not only specific to Dashboard widgets or Mac OS X 10.4. This is also possible with every other malicious application which waits in the background until the user hits the sudo command to elevate its privileges. Also, if you remove the password grace period in the /etc/sudoers file, the trick will not work.
www.osvdb.org -- everything is vulnerable.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability, (continued)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Graham Reed (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ZATAZ.net (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Daniel (May 19)
- Content detection in html payload with snort ? Frederic Charpentier (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
- Message not available
- Message not available
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Re: Ports used by trogens Who? (May 21)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)