• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Cocoa can be used to execute arbitrary (privileged) code !
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cocoa can be used to execute arbitrary (privileged) code !

  • Subject: Re: Cocoa can be used to execute arbitrary (privileged) code !
  • From: Jean-Daniel Dupas <email@hidden>
  • Date: Fri, 20 Jun 2008 12:31:23 +0200

Le 20 juin 08 à 06:09, Ken Thomases a écrit :

On Jun 19, 2008, at 10:39 PM, Jens Alfke wrote:

It might not be a bad idea to proactively disarm this vulnerability on your own machine(s), as I just did:

sudo chmod -s System/Library/CoreServices/RemoteManagement/ ARDAgent.app/ARDAgent 

That's

sudo chmod -s /System/Library/CoreServices/RemoteManagement/ ARDAgent.app/Contents/MacOS/ARDAgent

-Ken

You may also use an exploit that correct the hole, so no sudo require ;-)

osascript -e 'tell app "ARDAgent" to do shell script "chmod -s /System/ Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ ARDAgent"'



Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Cocoa can be used to execute arbitrary (privileged) code ! (From: Jerry LeVan <email@hidden>)
 >Re: Cocoa can be used to execute arbitrary (privileged) code ! (From: Andrew Farmer <email@hidden>)
 >Re: Cocoa can be used to execute arbitrary (privileged) code ! (From: Jens Alfke <email@hidden>)
 >Re: Cocoa can be used to execute arbitrary (privileged) code ! (From: Ken Thomases <email@hidden>)

  • Prev by Date: Re: install_name_tool
  • Next by Date: Re: PDFKit guidance
  • Previous by thread: Re: Cocoa can be used to execute arbitrary (privileged) code !
  • Next by thread: Re: Cocoa can be used to execute arbitrary (privileged) code !
  • Index(es):
    • Date
    • Thread