[X-Unix] Root Exploit via sudo

Eugene list-themacintoshguy at fsck.net
Thu Apr 7 12:26:15 PDT 2005


Irrelevant.  Stupid the-sky-is-falling posting.  I'd write more,
but someone else has written something nice and succinct.

<http://www.securityfocus.com/archive/1/395142>
> > 
> > Explain to me how this is a MacOS specific bug? I can duplicate this 
> > behavior on my Debian Linux machine.
> > This is fairly generic to anything using sudo without the included 
> > config options you mentioned below, or am I missing something? There
> > is no need to single out Apple.
> >
> > If you have the ability to introduce a trojan into an admin level 
> > account you appear to have other issues on your hands. =]
> >
> > I think this advisory is more suited for a how to securely configure 
> > sudo FAQ.
> > -KF


On Thu, Apr 07, 2005 at 12:08:03PM -0400, Our PAl Al <opa at nyc.rr.com> wrote:
: 
: Just got this on the BugTraqMac list. Definitely relevant for here.
: 
: > +++++
: > 
: > There is a warning out about a potentially very serious security
: > vulnerability in OS X.  The vulnerability would allow a Trojan Horse to
: > gain root access without the need for user authentication.
: > 
: > The good news is that the vulnerability is easily patched.
: > 
: > The bad news is that Apple doesn't feel that it is a problem that they
: > have to deal with.
: > 
: > See:
: > <http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0>
: > Summary:
: > OSX can be root compromised by a trojan application.  The trojan
: > application does not require explicit user authentication to elevate its
: > privileges to root, nor does the root account need to be enabled.  The
: > Trojan application must be run from an account that is in the admin group,
: > which is the default for the first account created and the context in
: > which most users run.  Once executed, the trojan application must only
: > wait until the user leverages the sudo utility, either at the command line
: > or by another application that leverages sudo to elevate its privileges.
: <snip>


-- 
Eugene
http://www.coxar.pwp.blueyonder.co.uk/

