Major security hole found in OS X 10.1

[InfoSec News <isn () c4i org>]

http://www.insanely-great.com/news/01/1084.html

Michael Flaminio 
Insanely Great Mac
October 17, 2001 

Mac OS X 10.1 users will want to take note of a local security hole.
The X 10.1 bug allows anyone to gain root access via the Terminal.

The security hole can be used on any Mac OS X 10.1 local terminal.
Using the exploit, anyone can gain root access via the Terminal
application.

For most Mac users this may to be too big of a deal, since under OS 9,
most anyone with access to the desktop essentially already has
administrative level access. However, for those depending on OS X's
security for either multiple user security or system integrity, may be
in for a surprise.

To access the exploit: 

- Log into OS X 10.1 under any user. 
- Open the Terminal application, then quit the application 
- Open the NetInfo Manager application and keep it as the foreground
  application 
- Open the Terminal application from the Recent Items Menu. 

You will then be logged in as root in the terminal. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.