[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: "Brian K." <codesamurai@xxxxxxx>
Date: Thu, 19 May 2005 11:07:43 -0400

The issue is *any* application shouldn't have the ability to gain administrative control (by waiting for sudo [intended for something else] to be done).

Self correction/elaboration note: Sorry, that was a tad terse to the point of being incomplete. It was intended to be framed in the context of what was already discussed in this thread. (i.e. something else doing the sudo intended for its own purposes, etc., all of which everyone is already well aware of.) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
  - From: Brian K.

Prev by Date: [Full-disclosure] [USN-130-1] TIFF library vulnerability
Next by Date: RE: [Active Spam - GGL Filter] [Full-disclosure] AW: Security iss ue in Microsoft Outlook
Previous by thread: Re: [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
Next by thread: [Full-disclosure] MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability
Index(es):
- Date
- Thread