Slashdot Mirror


New Remote Root in Mac OS X

Cysgod writes "I've released a security advisory detailing a new remote root vulnerability in Mac OS X 10.3, 10.2 and possibly earlier versions." The main thrust is that it exploits a problem in the DHCP client to gain root access, and turning off various services can prevent attack. It is unclear why an exploit was made public before Apple resolved the problem. Apple's fix is apparently scheduled for a December release.

1 of 445 comments

  1. Does it not require directory access turned on? by goombah99 · Score: 2, Redundant
    Perhaps someone can explain. As I understand, Macs don't by default go beyond the local netinfo/passwd file to authenticate unless instructed to do so. You can turn on directory access and enable authentication by LDAP or remote net-info, but I don't believe this is on by default, is it?

    If so, this is pretty much a non-bug, since it would require some idiot to both be doing remote authentication and be plugged into a DHCP network. For that matter, one could just pretend to be a known authentication host and provide bogus authentication regardless of the DHCP status.

    What am I missing here? Or is this thing on by default?

    --
    Some drink at the fountain of knowledge. Others just gargle.