Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Vulnerability in Mac OS X

by Donna Buenaventura Nov 26, 2003 4:55PM PST
Mac OS X Trust of DHCP-Provided Directory Servers Lets Remote Users Login With Root Privileges

SecurityTracker Alert ID: 1008307
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 26 2003
Impact: Root access via network
Exploit Included: Yes Vendor Confirmed: Yes
Version(s): OS X 10.2, 10.3, 10.3.1

Description: A vulnerability was reported in the default configuration of Mac OS X DHCP-related authentication services. A remote user can gain root access on the target system.

William Carrel reported that, by default, Mac OS X is configured with DHCP enabled and will attempt to connect to any LDAP or NetInfo servers specified by a DHCP response. The report indicates that the operating system will explicitly trust the LDAP or NetInfo server and will permit a remote user that is defined in the LDAP or NetInfo server as having uid 0 permissions to access the target system with an arbitrary user name.

If the target system is rebooted (restarting the 'netinfod' process), the remote directory server will reportedly be added to the authentication source list on the target system and then trusted by the target system. A remote user can then login to any authentication-enabled service (e.g., ssh) that is running on the target server.

The vendor was reportedly notified on October 9, 2003.

The original advisory is available at: http://www.carrel.org/dhcp-vuln.html

Impact: A remote user can access the system with root privileges.

Solution: No solution was available at the time of this entry.

The author of the report has described two workaround options:

1) Prevent network authorization services from obtaining settings from DHCP:

* in Directory Access, select LDAPv3 in the Services tab, click "Configure...", uncheck "Use DHCP-supplied LDAP Server"

* in Directory Access, select NetInfo in the Services tab, click "Configure...", uncheck "Attempt to connect using broadcast protocol" and "Attempt to connect using DHCP protocol"

* in Directory Access, uncheck LDAPv3 and NetInfo in the Services tab

2) Turn off DHCP on all interfaces.

Vendor URL: www.apple.com/
Cause: Authentication error, Configuration error
Underlying OS: UNIX (Mac OS X)

http://www.securitytracker.com/alerts/2003/Nov/1008307.html

Discussion is locked

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info