Network Security Pen-Test

RE: Apple pentesting

Subject: RE: Apple pentesting
Date: Tue, 5 Apr 2005 12:14:08 -0700
-----Original Message-----
From: Todd Towles [mailto:toddtowles@brookshires.com] 
Sent: Tuesday, April 05, 2005 11:59 AM
To: Altheide, Cory B. (IARC)
Cc: pen-test@securityfocus.com
Subject: RE: Apple pentesting

And I ask you where is the exploit information? What is the
vulnerability? Do exploits exist? Can you test if you are
vulnerable? That is a site that lists patches...not the
same thing.  Interesting that you think they are the same.
Apple doesn't follow Full-Disclosure, that was my point.

I didn't mean they don't patch...

Please try *very hard* to comprehend what I am writing.

You said: "the problem with testing Macs is they never released
vulnerability statements..never. If a hole is found, Apple releases a patch
and no one says anything."

This is *FALSE*.

To rebut your current misconceptions (at least the ones applicable to this
discussion):

"What is the vulnerability?"

Clicking on the most recent security update link, located here:
http://docs.info.apple.com/article.html?artnum=301061

Gives us useful information, like CVE-IDs.  Do you know what a CVE number is
used for?

Example entry:

    * AFP Server
      Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
      CVE-ID: CAN-2005-0340
      Impact: A specially crafted packet can cause a Denial of Service
      against the AFP Server.
      Description: A specially crafted packet will terminate the operation
      of the AFP Server due to an incorrect memory reference. Credit to
      Braden Thomas for reporting this issue.

Now, we take this CVE number, look it up at http://cve.mitre.org, and we get
the following:

Name: CAN-2005-0340 (under review)
Description: Integer signedness error in Apple File Service (AFP Server)
allows remote attackers to cause a denial of service (application crash) via
a negative UAM string length in a FPLoginExt packet.
References:

    * BUGTRAQ:20050208 AppleFileServer Denial of Service.
    * URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110791369419784&w=2
    * APPLE:APPLE-SA-2005-03-21
    * URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html


If you are too obtuse to harvest this information you have no business
dealing with information (let alone the security thereof).

My favorite is this question, though:

"And I ask you where is the exploit information?"

LOL.  That's adorable.  ZOMG the vendor doesn't link to exploit code OB-FU!
Do any vendors (intentionally) provide explicit information on how to
exploit the very code they vend?

Before you send another email, I ask that you strap on a clue-bag, chew on
it for a while, really /digest/ the clue, then fire up that mail client.
It'll be a good thing.

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC) 
altheidec@nv.doe.gov 
"I have taken all knowledge to be my province." -- Francis Bacon

PS Don't top-post.
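The workflow the message walks through (read the vendor's security-update entry, pull out the CVE-ID, look it up at MITRE) is easy to automate for a whole advisory. The following is an added example, not code from the thread or from Apple or MITRE. It parses advisory entries in the shape quoted above, normalizes the old CAN- candidate prefix to the CVE- form that current databases use, and builds the MITRE lookup URL. The sample advisory text is constructed from the entry quoted in the thread, and the `cvename.cgi` URL pattern is MITRE's long-standing lookup endpoint (assumed here as the lookup target).

```python
import re
from dataclasses import dataclass

# Constructed sample: one entry in the shape of an Apple security-update
# advisory, wrapped the way a mail client wraps it (continuation lines
# start at column 0). Content mirrors the entry quoted in the thread.
SAMPLE_ADVISORY = """\
    * AFP Server
      Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
      CVE-ID: CAN-2005-0340
      Impact: A specially crafted packet can cause a Denial of Service
against the AFP Server.
      Description: A specially crafted packet will terminate the operation
of the AFP Server due to an incorrect memory reference. Credit to Braden
Thomas for reporting this issue.
"""

# CAN-YYYY-NNNN was MITRE's "candidate" prefix until late 2005; the same
# entries are now published as CVE-YYYY-NNNN.
CVE_RE = re.compile(r"\b(CAN|CVE)-(\d{4})-(\d{4,})\b")
FIELD_RE = re.compile(r"(Available for|CVE-ID|Impact|Description):\s*(.*)")


def normalize_cve(identifier):
    """Return the CVE-YYYY-NNNN form of a CAN- or CVE- identifier."""
    m = CVE_RE.fullmatch(identifier.strip())
    if not m:
        raise ValueError(f"not a CVE/CAN identifier: {identifier!r}")
    return f"CVE-{m.group(2)}-{m.group(3)}"


@dataclass
class AdvisoryEntry:
    component: str
    available_for: list
    cve_ids: list
    impact: str
    description: str


def parse_apple_advisory(text):
    """Parse '* Component' entries with their labelled fields.

    Impact and Description may be wrapped over several lines; any line that
    is not a new bullet or a labelled field is appended to the last of those
    two fields that was seen.
    """
    entries = []
    current = None
    last_field = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if stripped.startswith("* "):
            current = {"component": stripped[2:].strip(), "available_for": [],
                       "cve_ids": [], "impact": "", "description": ""}
            entries.append(current)
            last_field = None
            continue
        if current is None:
            continue  # text before the first entry (preamble) is ignored
        m = FIELD_RE.match(stripped)
        if m:
            key, value = m.group(1), m.group(2)
            if key == "Available for":
                current["available_for"] = [v.strip() for v in value.split(",") if v.strip()]
                last_field = None
            elif key == "CVE-ID":
                current["cve_ids"] = [normalize_cve(x) for x in CVE_RE.findall(value)
                                      and re.findall(r"(?:CAN|CVE)-\d{4}-\d{4,}", value)]
                last_field = None
            elif key == "Impact":
                current["impact"] = value
                last_field = "impact"
            else:
                current["description"] = value
                last_field = "description"
        elif last_field:
            current[last_field] += " " + stripped  # continuation of a wrapped field
    return [AdvisoryEntry(**e) for e in entries]


def mitre_url(cve_id):
    """Lookup URL for the CVE record at MITRE (assumed endpoint pattern)."""
    return "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" + normalize_cve(cve_id)


if __name__ == "__main__":
    for entry in parse_apple_advisory(SAMPLE_ADVISORY):
        print(entry.component, entry.available_for)
        for cve in entry.cve_ids:
            print("  ", cve, mitre_url(cve))
        print("  ", entry.impact)
```

Feeding the parsed CVE list into a tracker (or simply diffing it against the versions in `available_for` on your own fleet) turns the vendor's patch page into exactly the "vulnerability statement" the thread argues about: affected versions, impact, and a stable identifier to cross-reference with Bugtraq and the Apple security-announce archive.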
