Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+

From: Vade 79 (v9_at_fakehalo.deadpig.org)
Date: 02/18/05

    Date: 18 Feb 2005 05:18:44 -0000
    To: bugtraq@securityfocus.com
    
    
    In-Reply-To: <DBA4F9D89F7DD54DB5E33F41D90DD3E003277F3A@shq-exu1.netsec.net>

    >VULNERABILITY DETAILS
    >
    >Name: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
    >Impact: HIGH
    >Platform: Apple OS X (Darwin) <= 10.2
    >Method: Possible unauthorized access to file system data
    >Identifier: 07012005-01

    After reading your advisory I do agree it is a security issue, and is
    certainly worthy of reporting/posting. However, a HIGH impact? I just
    don't see it; at most they can read CGI scripts, and most of the time
    they can't even do that. For example, I tested it on my OSX Apache
    server and my (perl) scripts were forbidden to read by default using the
    method mentioned ("/path/to/file/..namedfork/data").

    Sorry if this seems like a rant.

