Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Buffer Overflow Found

Posted by ryuzaki0 on from the and-so-it-begins dept.

MacDork writes "Well, if default settings in Mac OS X made Lance Ulanoff excited, this is really going to make him do the monkey boy dance... SecurityFocus's Bugtraq mailing list just posted a buffer overflow, in the utility for mounting and probing ISO 9660 file systems. No exploits were mentioned. No word on whether 'Max' alerted Apple or anyone outside of the Bugtraq mailing list though." Also, 'Max' made entirely unfounded, sweeping statements about the general quality of Mac OS X from this one little item, but oh well. When you're on top, you make a tempting target.

10 of 161 comments (clear)

  1. Re:Looks low risk to me... by MSG · · Score: 4, Insightful

    The potential for exploit doesn't require you to insert a CD. It may be exploitable by command line arguments. If so, then there may be a vector for an attacker to begin privilege escalation if he can achieve access to a local account, in which case this would present a full root vulnerability to a remote user.

  2. Re:wtf by hype7 · · Score: 4, Insightful
    I'm always amazed at how fast Mac users will resort to MS-style tactics and excuses.


    The difference is that Apple, unlike Microsoft, provides timely patches. Not timely excuses.

    -- james
  3. You aren't doing a thing for Apple's image by 0x0d0a · · Score: 4, Insightful

    Blind, stupid fanaticism doesn't do anything to help Apple -- it just means that people ignore Mac fans.

    MacDork writes "Well, if default settings in Mac OS X made Lance Ulanoff excited, this is really going to make him do the monkey boy dance... SecurityFocus's Bugtraq mailing list just posted a buffer overflow, in the utility for mounting and probing ISO 9660 file systems. No exploits were mentioned. No word on whether 'Max' alerted Apple or anyone outside of the Bugtraq mailing list though." Also, 'Max' made entirely unfounded, sweeping statements about the general quality of Mac OS X from this one little item, but oh well.

    I've seen *tons* of vulnerability releases about companies that contain harsh criticism of their security policies. This is not unusual. At the least, Apple screwed up on an important utility. They can take their lumps, same as everyone else does when they screw up.

    When you're on top, you make a tempting target.

    Apple isn't "on top" of much of anything that I can think of. Small/midrage servers? That's Linux-dominated. Workstations? That's Windows-dominated. I suppose they have more users than the other BSD variants, for what that's worth.

    Frankly, "Max" may be biased. I suspect that he's mostly right -- that the hammered-on and designed-by-folks-with-security-experience BSD code is more reliable than the new stuff Apple churned out. I do know that "MacDork" definitely *is* biased.

    I wish editors would reject stories that are just blatently biased, or at least reserve the right to re-summarize story submissions.

    --
    May we never see th
    1. Re:You aren't doing a thing for Apple's image by steeviant · · Score: 5, Insightful

      Apple isn't "on top" of much of anything that I can think of. small/midrage servers? That's Linux-dominated. Workstations? That's Windows-dominated. I suppose they have more users than the other BSD variants, for what that's worth.

      Or more users than all of the other Unix systems put together if you're talking about the desktop.

      Apple sell more Unix than any other vendor in the world at the moment, so they are on top in at least one respect.

  4. In All My Years... by Bloodmoon1 · · Score: 4, Insightful
    On OS X, about 2 of them, actually, I've seen 1 bug that COULD have posed a problem for me. Maybe I'm just not as big of a power user as I think I am, but I really fail to see how virtually any of the bugs/exploits/whatever that are found for OS X are any type of problem. Yes they need patched, but they almost don't seem worth mentioning except for the sheer novelty of it, and maybe as some sort of strange inferiority complex kick for Windows users, as a recent article seems to suggest.

    Take this one for example, which many considered to be a "big security issue". Basically it only was a problem:
    1. On laptops.
    2. When someone had sudo running in Terminal.
    3. When the computer was put to sleep.
    4. For 10-20 SECONDS after the computer was woken up, but before the clock was updated, someone with physical access to the computer could execute code.
    What a massive, gaping, goatse proportioned hole. Who knew it was a bad idea to leave your computer running sudo just laying around in Starbucks while you went to the can? And Apple still had a patch out in a week or two. And in 10.3, passwords can be required to wake the computer, further negiating this and any similar problems.

    Now compare that to the 50 critical security fixes needed immediately for an install of a year old Windows XP disk. And the fact that there are about a hundred different ways to execute code in Windows, either legitimate or malicious, all across the system, even in the damn web browser.

    Basically what I'm getting at here is that this is newsworth simply for the fact that it really isn't. I'd be willing to bet 0 people will have any problem with this before it is patched.

    And on a personal note, "Max" sounds pretty fucking stupid and ignorent. "It appears that parts of MacOSX that didn't come from BSD are not very well written and have significant security issues." Oh boy! I found a buffer overflow that will effect no one and that I probably didn't even bother to inform Apple about before hand! I'm a L337 haX0r bitches! Now if he just would have thrown in something about how Apple is beleaguered and BSD is dying, we could just chaulk up "Max" as a lucky troll.
    --

    Request: ECM unit, 1000 km fullerene cable, 1 tactical nuclear weapon. Reason: Birthday party for foreign dignitary.
    1. Re:In All My Years... by Bloodmoon1 · · Score: 3, Insightful

      50 is a kind of randapher guess I took. I'm sure it would be more if I went and actually bothered to check, but I don't really care. If Apple (OS What? Details son, details) has had 78 holes, Microsoft has probably had about 8 million. Besides, who cares? We all know MS systems are less secure than Apple systems. No news there. Stop trying to defend against every anti-MS comment, it's to much work for a person to do. Besides, I said 50 critical fixes. I guarantee there haven't been that many critical fixes to OS X.

      And I'm well aware, as are virtually all Mac users, that we don't have the perfect OS by any means. It has it's issues. All of them do. Just ours has fewer issues than almost all others (especially compared to our user base), is probably the easiest to use (approx. 10 years of usage, never had to even deal with device drivers) and learn, has a decent amount of software support, has 0 viruses (besides the ones that affect all Microsoft products on all platforms), and is by far and away just the nicest looking. No one ever said it was perfect. Jaguar was the same way. And it's better now in Panther. And OS X will be better still in 10.4, and then 10.5, and so on. Things are as good as they ever have been, but they can only get better from here.

      On a totally unrelated note, I'm updating my post reply policy for ACs.

      --

      Request: ECM unit, 1000 km fullerene cable, 1 tactical nuclear weapon. Reason: Birthday party for foreign dignitary.
  5. When OSX becomes popular... by eyeball · · Score: 5, Insightful

    Unfortunately, when OSX becomes popular enough, it will become a huge security target. But it won't be security exploits that pose a problem, it will be the same problems that plague Windows today:

    Just like in the Windows world, it's social engineering that causes installation and execution of quasi-legal applications like Comet Cursor and Bonsai Buddy, as well as downright unethical and illegal programs (virus and worms) that get installed when a user is told "click on the .exe to see boobies." No type of security can possibly stop that type of human behavior (being an IT I'm convinced that education, warnings, and even threats can't stop it).

    --

    _______
    2B1ASK1
  6. local vs remote holes, overall quality by 47PHA60 · · Score: 4, Insightful

    Even OpenBSD has local root exploits, and they have been fixing them for years. A local exploit could be used to load a root program that listens on the network, so you fix it.

    I've seen lots of security advisories make fun of or insult the product and company in question. Big deal, a programmer skilled enough to find a buffer overflow makes fun of Steve Jobs' product. Mr. Jobs can afford a gold thread hanky to wipe his tears, but more likely it just rolls off their backs; people have been making fun of Apple for decades.

    In general, it is hard to program an OS, and once it is out there, easier to poke holes in it. That is why security is difficult. Fix the problem, review your code for similar problems, fix those, move on.

  7. Re:Details: by Arkham · · Score: 4, Insightful

    And THIS parent post, ladies and gentleman, is EXACTLY why open source is good, and why Apple was VERY SMART to release its Darwin source code under an open-source license.

    Windows has a root exploit, and we are dependent on Microsoft to get around to fixing it. Thanks to Darwin, we can fix our own OSX bugs much of the time.

    --
    - Vincit qui patitur.
  8. Re:Looks low risk to me... by freerangegeek · · Score: 5, Insightful

    Excuse me, but to execute a mount I have to at least have a shell on the affected machine, right? I may not need console access, but I do need shell access.

    And, by default, the firewall is ON, and sshd is disabled, so 'by defualt' I do need local access. And to execute a 'shell capable' program I can't just mail an attachment to the user, the user has to actively open it.

    Admittedly, this is a serious problem that needs fixing, but this won't be narachi, codered, etc. I'll bet you we have a fix in less than 2 weeks available for download via the system update command. (probably less)

    Lee