leedogg Posted December 13, 2003

Vulnerability: Malicious DHCP response can grant root access

Affected Software
Mac OS X 10.3 (all versions through at least 26-Nov-2003)
Mac OS X Server 10.3 (all versions through at least 26-Nov-2003)
Mac OS X 10.2 (all versions through at least 26-Nov-2003)
Mac OS X Server 10.2 (all versions through at least 26-Nov-2003)
Probably earlier versions of Mac OS X and Mac OS X Server
Possibly developer seeded copies of future versions of Mac OS X

Abstract
A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings.

What does this mean to the average user
Anyone who can gain access to your network can gain administrator (root) access to your computer and therefore steal your data or launch attacks upon others as soon as you reboot your machine. System administrators and users of affected software should read the section "Workarounds" for immediate actions to protect their machines. It is important to note that WEP security in 802.11b/g (AirPort/AirPort Extreme) wireless networks is generally not sufficient to protect your network from access by an attacker.

You can read more about it here: http://www.eweek.com/article2/0,4149,1398573,00.asp

It also only works if the malicious server is on your LAN, so most people won't have to worry about it.

uiop Posted December 13, 2003

Apple has already raised this awareness and has a KB page on it for those who want to turn this "feature" off.

Tim Dorr (Veteran) Posted December 13, 2003

It's a double-edged sword of a bug. If they turn it off, you can't auto-configure OSX systems as easily. If you leave it on, you're open to future attack. It's fairly simple to fix (doesn't involve any crazy shell stuff), and should be fixed in an update soon (I'm guessing 10.3.2). Oh, and that update won't be held off until the end of the month. We'll get it when it's ready :p

Just thought of another way to refute it: It only affects you if you reboot often, which doesn't happen much with a Mac :p

This is fun :D

frod Posted December 14, 2003

some guy listed how to exploit it and it's pretty ridiculous. if you want to use this exploit effectively, you'd have to sit around at a starbucks or something, wait for a guy to plug in to the network, hope the guy reboots while on the network while you are there, and then install something that will relay their ip to you when they leave so you can login again later (assuming he/she doesn't have a router or firewall). maybe if this exploit was in windows98 it would be effective (you have to reboot win98 just to change from manual ip to dhcp don't you?), but realistically that scenario is just altogether practically non-existent. if you let people onto your lan otherwise that you think will hack your box, you might as well just give them your password. personally i think the guy who posted the advisory blew this up out of proportion.

isus Posted December 14, 2003

this isn't really a big problem... someone actually has to set up the dhcp server to do this. since most desktops are used in a house with either an airport (which uses dhcp, and can't be configured to do this) or are on ethernet to an isp (it would be illegal for an isp to hack your computer, i don't think anybody would be dumb enough to go through the lost business and suing). so, this only really applies to powerbooks/ibooks that make frequent trips wardriving on just anybody's wifi.