Re: [Full-Disclosure] OS X DirectoryService DoS {@stake adv: a041003-1}
From: subversive (subversive@linuxmail.org)
Date: 04/17/03
- Previous message: John Cartwright: "[Full-Disclosure] Administrivia: Vacation Messages"
- Maybe in reply to: Neeko Oni: "[Full-Disclosure] OS X DirectoryService DoS {@stake adv: a041003-1}"
- Next in thread: Neeko Oni: "Re: [Full-Disclosure] OS X DirectoryService DoS {@stake adv:"
- Reply: Neeko Oni: "Re: [Full-Disclosure] OS X DirectoryService DoS {@stake adv:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "subversive " <subversive@linuxmail.org> To: full-disclosure@lists.netsys.com Date: Thu, 17 Apr 2003 15:17:35 +1200
Neeko Oni wrote:
>Ok, the PATH problem is self-explanatory (and has been exploited once
the DirectoryService process has crashed) but I've had some difficulty
>reproducing the DoS attack claim. I've got a 10.2.4 machine sitting
>right next to me, I believe it's a stock install, but DirectoryService
>doesn't bind 625. DirectoryService doesn't bind any ports and
>furthermore nothing binds 625 at all.
>
>Has anyone reproduced the DoS in that advisory?
I also read the advisory and of the two MacOS machines that I am able
to access (only one locally) I can confirm that on the machine that
I don't have local access there was a daemon running on port 625 and
as the advisory states I was able to reproduce the DoS attack. I'm
not sure exactly which version of MacOS X that machine was running
but the daemon did crash and and refuse connection.
On the machine that I know for a fact is 10.2.4 and have local access to,
DirectoryService was setuid root and was running but there was no port
625 open. I haven't port scanned the machine to check other ports yet
so i'm not ruling out the possibility its running on a different port
just yet.
Has anyone else looked into this matter... ?
-subversive
-- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: John Cartwright: "[Full-Disclosure] Administrivia: Vacation Messages"
- Maybe in reply to: Neeko Oni: "[Full-Disclosure] OS X DirectoryService DoS {@stake adv: a041003-1}"
- Next in thread: Neeko Oni: "Re: [Full-Disclosure] OS X DirectoryService DoS {@stake adv:"
- Reply: Neeko Oni: "Re: [Full-Disclosure] OS X DirectoryService DoS {@stake adv:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
