[4538] in bugtraq
Re: Mac/At Ease/Netscape File Access Exploit
daemon@ATHENA.MIT.EDU (Paul Melson)
Wed May 21 11:21:39 1997
Date: Wed, 21 May 1997 08:31:41 -0400
Reply-To: Paul Melson <melson@SCNC.HOLT.K12.MI.US>
From: Paul Melson <melson@SCNC.HOLT.K12.MI.US>
X-To: method@YIKES.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.970520215800.13203B-100000@yikes.com> from Dan
Fleisher at "May 20, 97 10:09:16 pm"
> That's just the tip of the iceberg. Since the machine being attacked is
> 'netted' (obviously, else it wouldn't be running Netscape), there is lots
> more fun you can have with it. For example, given an email account
> somewhere you can use the 'mail url' feature to send yourself any file on
> the system, regardless of priviliges. A good file to send would be the
> 'At Ease Preferences' file which contains the master At Ease preferences.
> Once you have obtained this, cracking the password is trivial with a
> program such as DisEase, thus leading to a total comprimise.
>
> Meth
> method@yikes.com
Yep, and it gets worse. If you use an AppleShare server
(NetWare running APPLETLK.NLM or Linux running atalkd
would also count) as At Ease's startup volume, then At
Ease will automate the login process to the server. This
is be nasty because whoever is logged in when At Ease
is set up would automatically be logged in to the file
server every time At Ease starts up thereafter. But it
gets worse - the login information (ServerID, UserID,
Password) is stored in the 'At Ease Preferences' file.
This can be disabled from within the 'At Ease Setup
(Workgroups)' utility by simply un-checking the box
labeled 'Always remember the user's last-used AppleShare
logins.' But since the default is to use the auto-login
feature, I figured it was worth mentioning. FYI, disabling
this feature doesn't remove the original copy of the
AppleShare login information from the preferences file.
Paul
--
_____________________
melson@holt.k12.mi.us
