[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
From: Vade 79 <v9@xxxxxxxxxxxxxxxxxxxx>
Date: 18 Feb 2005 05:18:44 -0000

In-Reply-To: <DBA4F9D89F7DD54DB5E33F41D90DD3E003277F3A@xxxxxxxxxxxxxxxxxxx>

>VULNERABILITY DETAILS
>
>Name:          Multiple Vulnerabilities Resulting From Use Of Apple 
OSX
>HFS+=20
>Impact:        HIGH
>Platform:      Apple OS X (Darwin) <=3D 10.2
>Method:        Possible unauthorized access to file system data
>Identifier:    07012005-01

After reading your advisory I do agree it is a security issue, and is 
certainly worthy of reporting/posting.  However a HIGH impact? I just 
don't see it; at most they can read CGI scripts, and most of the time 
they can't even do that.  For example, I tested it on my OSX Apache 
server and my (perl) scripts were forbidden to read by default using the 
method mentioned("/path/to/file/..namedfork/data").

Sorry if this seems like a rant.

Prev by Date: [USN-66-2] PHP vulnerability
Next by Date: Re: SHA-1 broken
Previous by thread: [USN-66-2] PHP vulnerability
Next by thread: MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms
Index(es):
- Date
- Thread