Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Holes in the firewall of Mac OS X Leopard

from [Juergen Schmidt] Network Security [Permanent Link]
Subject: Holes in the firewall of Mac OS X Leopard
Date: Mon, 29 Oct 2007 22:49:18 +0100 (CET) 
Hello,

we did some functional testing on the firewall of Mac OS X Leopard. 
Short summary:

- the firewall is not activated by default but there are services running 
even if you don't activate any sharing (as shown by netstat or lsof)

- if you set it to "Block all incoming connections" it still allows access 
to certain system services. We could access the ntp daemon that is running 
per default over the internet. In a LAN based scenario, we were able to 
query the Netbios naming service even with full blocking enabled.

- if you set it to "Set access to specific services and programs" the 
firewall permits access to listening processes startet by the user, 
regardless if they are in the list of shared services. We were able to 
access a service like "nc -l 1414" over the internet.


ntpd is labeled 4.2.2, the latest version is 4.2.4. It is unknown if any 
of the bugs fixed in the meantime are relevant in this scenario or if 
fixes have been backported. 

The same applies to the Samba package (3.0.25b-apple), of which releases 
3.0.25c and 3.0.26a contained numerous bug fixes.


For more information see:

 A second look at the Mac OS X Leopard firewall
http://www.heise-security.co.uk/articles/98120


bye, ju

-- 
Juergen Schmidt, editor-in-chief heise Security www.heise-security.co.uk
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Memory overwrites in JVM via malformed TrueType font, NGSSoftware Insight Security Research
Next by Date:  Re: Holes in the firewall of Mac OS X Leopard, Brandon S. Allbery KF8NH
Previous by Thread:  Heap overflow in RealPlayer ID3 tag parser, NGSSoftware Insight Security Research
Next by Thread:  Re: Holes in the firewall of Mac OS X Leopard, Brandon S. Allbery KF8NH
Indexes:  [Date] [Thread] [Top] [All Lists]