Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme."

This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

5 of 351 comments

  1. Pudge by Anonymous Coward · Score: 1, Troll

    Is nothing but an Apple apologist. Pretty sad that someone can be so suckered into something. Apple is OK, but they aren't perfect (no company is).

  2. Services on by default? by satyap · Score: 1, Troll

    This doesn't sound much different from MS's way of leaving most services turned on and wide open by default.

  3. OMG, I just found a Win9x exploit by libra-dragon · Score: 0, Troll

    At the login window, if you press ESC you can gain full access to the system!! No username/password needed.

    Sorry to release this 'sploit "into the wild" without warning Microsoft, but I figured it was important to warn Win9x system admins ASAP. I also thought that Microsoft has had plenty of time to find/fix this major flaw -- it is 2003...

  4. Re:Quick fix, just not easy for Mac users.. by Uma+Thurman · Score: 0, Troll

    Unfortunately, my rule about the opt-in for my freaks list cannot be broken. I'll be watching, and if you say something wrong, I'll do my best Ann Coulter (if she were a liberal) impression for you.

    --
    This is America, damnit. Speak Spanish!

  5. Re:Quick fix, just not easy for Mac users.. by Uma+Thurman · Score: 0, Troll

    There you go with the false dichotomy, which is typical for a lying conservative.

    I'm not breaking your rules at all. You've blocked me out of your forum. There you go.

    You're just mad because if you game the system that way, you've got another problem. In other words, a conservative isn't happy until he can have his cake and eat it too.

    Also, there's no rules for you to follow, yet another lie of yours that I've exposed. When you click the foes button, I click my friend button and I follow you. When you click the neutral button, I don't follow you. When you click the friend button, I click my friend button and don't follow you. Those are my rules, not yours.

    --
    This is America, damnit. Speak Spanish!