[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability

To: ph0enix <ph0enix@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: Jonathan Zdziarski <jonathan@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 19 May 2005 08:08:27 -0400


On May 19, 2005, at 2:36 AM, ph0enix wrote:

Date: May 19, 2005 Description: OSX 10.4 Dashboard Permits Hijacking of Authenticated Credentials
This issue is known since 2005-05-09 and OSVDB had an entry already:
http://www.osvdb.org/16499

This URL is for the widget injection issue, not the authenticated credentials hijacking issue. I already mentioned the Safari issue was known about.

Versions Affected:
OSX 10.4.0
OSX 10.4.1
10.4.1 doesn't seem to be vulnerable. Could you please show how do you exploit this when the option in Safari is turned on?


widget.system("sudo id >> /tmp/out", null);

Jonathan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: ph0enix

References:
- [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: Jonathan Zdziarski
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: ph0enix

Prev by Date: [Full-disclosure] RE: Security issue in Microsoft Outlook
Next by Date: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Previous by thread: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Next by thread: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Index(es):
- Date
- Thread