Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
- To: Jonathan Zdziarski <jonathan@xxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
- From: ph0enix <ph0enix@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 May 2005 14:31:43 +0200
widget.system("sudo id >> /tmp/out", null);
OK, but this is not only specific to Dashboard widgets or Mac OS X
10.4. This is also possible with every other malicious application
which waits in the background until the user hits the sudo command to
elevate its privileges. Also, if you remove the password grace period
in the /etc/sudoers file, the trick will not work.
www.osvdb.org -- everything is vulnerable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
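The sudoers setting that controls the password grace period referred to in the message above is `timestamp_timeout`; a value of 0 makes sudo prompt every time. The following check is an added example, not part of the original post: it reads sudoers text on stdin and reports whether the grace period is still active. The function names and the sample sudoers contents are constructed for illustration, and only global `Defaults` entries in a single file are evaluated.

```shell
#!/bin/sh
# Added example: report the sudo password grace period (timestamp_timeout)
# from sudoers text on stdin. Function names are hypothetical.

# Print the global timestamp_timeout value, or "unset" if no global Defaults
# entry sets it. Scoped entries (Defaults:user, Defaults@host) and files
# pulled in by include directives are not evaluated.
effective_timeout() {
    awk '
        $1 == "Defaults" {
            line = $0
            sub(/#.*/, "", line)                 # strip trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")           # Defaults a, b=1, c
            for (i = 1; i <= n; i++) {
                opt = opts[i]
                gsub(/[ \t"]/, "", opt)
                if (opt ~ /^timestamp_timeout=/) {
                    sub(/^timestamp_timeout=/, "", opt)
                    val = opt; found = 1         # last entry wins
                }
            }
        }
        END { print (found ? val : "unset") }
    '
}

# Classify the result: only a value of 0 removes the grace period.
grace_period() {
    t=$(effective_timeout)
    case "$t" in
        unset) echo "enabled (compiled-in default)" ;;
        0|0.0) echo "disabled" ;;
        -*)    echo "enabled (never expires)" ;;
        *)     echo "enabled ($t min)" ;;
    esac
}

# Constructed sample sudoers contents, not taken from any real host.
SAMPLE_STOCK='Defaults env_reset
%admin ALL=(ALL) ALL'
SAMPLE_HARDENED='Defaults env_reset, timestamp_timeout=0  # always prompt
%admin ALL=(ALL) ALL'
SAMPLE_REENABLED='Defaults timestamp_timeout=0
Defaults:alice timestamp_timeout=0
Defaults timestamp_timeout=15'

for s in "$SAMPLE_STOCK" "$SAMPLE_HARDENED" "$SAMPLE_REENABLED"; do
    printf '%s\n' "$s" | grace_period
done
```

Against a live system the input would be `/etc/sudoers` read as root, and any change to that file should be made with `visudo`.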