Re: [Full-Disclosure] OS X DirectoryService DoS {@stake adv: a041003-1}

From: subversive (subversive@linuxmail.org)
Date: 04/17/03

  • Next message: Shawn McMahon: "Re: [Full-Disclosure] Thomas E Cooper/Boulder/IBM is out of the office."
    From: "subversive " <subversive@linuxmail.org>
    To: full-disclosure@lists.netsys.com
    Date: Thu, 17 Apr 2003 15:17:35 +1200
    

    Neeko Oni wrote:

    >Ok, the PATH problem is self-explanatory (and has been exploited once
    the DirectoryService process has crashed) but I've had some difficulty
    >reproducing the DoS attack claim. I've got a 10.2.4 machine sitting
    >right next to me, I believe it's a stock install, but DirectoryService
    >doesn't bind 625. DirectoryService doesn't bind any ports and
    >furthermore nothing binds 625 at all.
    >
    >Has anyone reproduced the DoS in that advisory?

    I also read the advisory and of the two MacOS machines that I am able
    to access (only one locally) I can confirm that on the machine that
    I don't have local access there was a daemon running on port 625 and
    as the advisory states I was able to reproduce the DoS attack. I'm
    not sure exactly which version of MacOS X that machine was running
    but the daemon did crash and and refuse connection.

    On the machine that I know for a fact is 10.2.4 and have local access to,
    DirectoryService was setuid root and was running but there was no port
    625 open. I haven't port scanned the machine to check other ports yet
    so i'm not ruling out the possibility its running on a different port
    just yet.

    Has anyone else looked into this matter... ?

    -subversive

    -- 
    ______________________________________________
    http://www.linuxmail.org/
    Now with e-mail forwarding for only US$5.95/yr
    Powered by Outblaze
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: Shawn McMahon: "Re: [Full-Disclosure] Thomas E Cooper/Boulder/IBM is out of the office."

    Relevant Pages