[ISN] Major security hole found in OS X 10.1

From: InfoSec News (isnat_private)
Date: Thu Oct 18 2001 - 00:42:18 PDT

  • Next message: InfoSec News: "[ISN] U.S. Cyberspace Security Office Must Define Its Mission -- Now"

    Michael Flaminio 
    Insanely Great Mac
    October 17, 2001 
    Mac OS X 10.1 users will want to take note of a local security hole.
    The X 10.1 bug allows anyone to gain root access via the Terminal.
    The security hole can be used on any Mac OS X 10.1 local terminal.
    Using the exploit, anyone can gain root access via the Terminal
    For most Mac users this may to be too big of a deal, since under OS 9,
    most anyone with access to the desktop essentially already has
    administrative level access. However, for those depending on OS X's
    security for either multiple user security or system integrity, may be
    in for a surprise.
    To access the exploit: 
    - Log into OS X 10.1 under any user. 
    - Open the Terminal application, then quit the application 
    - Open the NetInfo Manager application and keep it as the foreground
    - Open the Terminal application from the Recent Items Menu. 
    You will then be logged in as root in the terminal. 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 02:46:59 PDT