[22510] in bugtraq
RE: Possible Issue with Netinfo and Mac OS X
daemon@ATHENA.MIT.EDU (Dixie Flatline)
Tue Sep 4 00:23:33 2001
Date: Mon, 3 Sep 2001 08:57:26 -0300
From: Dixie Flatline <echo8@gh0st.net>
To: BUGTRAQ@securityfocus.com
Message-ID: <20010903085726.A22355@whip.gh0st.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
I have kept quiet about this to this point because I have not contacted Apple,
or given the vendor any opportunity to respond, but if this discussion is
going to be held in public, I think the following points are worthy of
discussion:
* /usr/bin/nireport can be run by any user and can pull essentially the same
information (including cyphertext passwords and password hints).
* /usr/bin/nidump can be used for pretty much the same thing.
Either of these can be run by any user, regardless of whether or not that user
exists in the sudoers file (which is to say whether or not that user is
allowed to "admin" the box).
* The netinfo GUI (/Applications/Utilities/NetInfo Manager.app/Contents/MacOS/NetInfo Manager)
  is suid to root and will give out this information without requiring authentication.
My system is running 10.0.4 (build 4Q12) with the Web Sharing update installed.
echo8
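An added example, not part of the post above and not Apple's or the author's code: a small triage script that parses the kind of output an unprivileged user gets from `nidump passwd .` and `nireport . /users name passwd hint` and separates real crypt(3) hashes from the `*` placeholders of locked accounts. The sample dumps embedded below are constructed, not captured from a real host, and the exact output shapes (BSD ten-field passwd lines from nidump, tab-separated rows from nireport, a user property literally named `hint`) are assumptions for the sake of the example.

```python
"""Triage of NetInfo dumps readable by any local user (added example).

Assumptions (not taken from the post): `nidump passwd .` prints one
BSD-style passwd line per user with ten colon-separated fields, and
`nireport . /users name passwd hint` prints one tab-separated row per
user. A locked or system account carries '*' in the passwd field; a
real account carries a 13-character traditional DES crypt(3) hash.
"""
import re

# Constructed sample of `nidump passwd .` output (not from a real host).
NIDUMP_PASSWD = """\
nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null
root:*:0:0::0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1::0:0:System Services:/var/root:/dev/null
www:*:70:70::0:0:World Wide Web Server:/Library/WebServer:/dev/null
alice:abJnggxhB/yWI:501:20::0:0:Alice Example:/Users/alice:/bin/tcsh
bob:r0EVpwWqn9g/Q:502:20::0:0:Bob Example:/Users/bob:/bin/tcsh
"""

# Constructed sample of `nireport . /users name passwd hint` output.
NIREPORT_USERS = """\
nobody\t*\t
root\t*\t
alice\tabJnggxhB/yWI\tdog's name
bob\tr0EVpwWqn9g/Q\t
"""

# Traditional DES crypt(3): exactly 13 characters from the crypt alphabet.
CRYPT_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")


def parse_nidump_passwd(text):
    """Return {name: {passwd, uid, gid, gecos, home, shell}} from passwd lines."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError("unexpected field count in %r" % line)
        users[fields[0]] = {
            "passwd": fields[1],
            "uid": int(fields[2]),
            "gid": int(fields[3]),
            "gecos": fields[7],
            "home": fields[8],
            "shell": fields[9],
        }
    return users


def parse_nireport_hints(text):
    """Return {name: hint} from the tab-separated nireport rows."""
    hints = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _passwd, hint = line.split("\t", 2)
        hints[name] = hint
    return hints


def exposed_accounts(passwd_text, nireport_text):
    """List (name, hash, hint) for accounts whose real hash is readable.

    Placeholder values such as '*' or '********' do not match the crypt
    alphabet/length check and are skipped.
    """
    users = parse_nidump_passwd(passwd_text)
    hints = parse_nireport_hints(nireport_text)
    found = []
    for name, user in users.items():
        if CRYPT_HASH.match(user["passwd"]):
            found.append((name, user["passwd"], hints.get(name, "")))
    return found


if __name__ == "__main__":
    for name, digest, hint in exposed_accounts(NIDUMP_PASSWD, NIREPORT_USERS):
        print("%-10s %s  hint=%r" % (name, digest, hint))
```

On a 10.0.x box the same functions could be fed the live output of the two commands run from a non-admin shell; if anything other than placeholder values comes back, the hashes (and any hints) are readable without privilege, which is the condition the post describes.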