Mac OS X setuid root security hole

From: rotaiv (rotaiv@biapo.com)
Date: 10/17/01

Previous message: TAKAGI, Hiromitsu: "Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability"
Next in thread: Florian Kohl: "Re: Mac OS X setuid root security hole"
Reply: Florian Kohl: "Re: Mac OS X setuid root security hole"
Reply: Chris Adams: "Re: Mac OS X setuid root security hole"
Reply: Ken Schweigert: "Re: Mac OS X setuid root security hole"
Reply: Kee Hinckley: "Re: Mac OS X setuid root security hole"
Reply: Chris Adams: "Re: Mac OS X setuid root security hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-Id: <5.1.0.14.2.20011017124659.02820020@mail.biapo.com>
Date: Wed, 17 Oct 2001 12:53:13 -0400
To: bugtraq@securityfocus.com
From: rotaiv <rotaiv@biapo.com>
Subject: Mac OS X setuid root security hole

I can't recall if I have seen this on BugTraq so forgive me if this is an
old issue.

Try these steps on an OS X machine (not logged in as root)

  - Open up the terminal application
  - Quit the terminal application
  - Open up NetInfo Manager (leave it in the foreground)
  - Open up the Terminal application form the "Recent Items" list in the
Apple Menu.

You should now be logged in as root!

This was passed on to me from the "Macsec mailing list"
http://www.macsecurity.org/mailman/listinfo/macsec

Previous message: TAKAGI, Hiromitsu: "Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability"
Next in thread: Florian Kohl: "Re: Mac OS X setuid root security hole"
Reply: Florian Kohl: "Re: Mac OS X setuid root security hole"
Reply: Chris Adams: "Re: Mac OS X setuid root security hole"
Reply: Ken Schweigert: "Re: Mac OS X setuid root security hole"
Reply: Kee Hinckley: "Re: Mac OS X setuid root security hole"
Reply: Chris Adams: "Re: Mac OS X setuid root security hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Try flushing the ports renewed lack and Simon will flow you!
... Mary's bottle kills amid our pumpkin after we recall regarding it. ... unless Said parks englishmans away from Edwina's ... special for Kaye to dare it. ... root despite swiss careers, unless they're major. ...
(sci.crypt)
Re: root in FC 10
... Timothy Murphy wrote: ... I must say I haven't noticed that, as I haven't logged in as root for years. ... But I do recall one time when it was useful, ... for thou art crunchy and taste good with Ketchup! ...
(Fedora)
Re: Disk problem ?
... i've also seen similar issues w/ HP-UX 11.0 when running threads. ... root of the problem was the the thread implementation at the OS level ... I can't recall if that was on OpenIngres 1.2 or Ingres II 2.0 (too ...
(comp.databases.ingres)
Re: Scripting!
... I can see everything else in the root ... > I think there is another step beyond what Miro said if you don't want the ... > ago and can't recall how I did it. ... Prev by Date: ...
(microsoft.public.inetserver.iis.ftp)
Re: Mac OS X setuid root security hole
... Mac OS X setuid root security hole ... > I can't recall if I have seen this on BugTraq so forgive me if this is ...
(Bugtraq)