OS X SECURITY flaw!
Mac Elite
Join Date: Oct 2000
Location: Memphis, Tn. USA
Nov 26, 2003, 09:33 PM
 
Check this out, serious flaw in root access!

http://www.carrel.org/dhcp-vuln.html
     
Posting Junkie
Join Date: Oct 2001
Location: South of the Mason-Dixon line
Nov 27, 2003, 09:44 AM
 
Somebody left the door key under the Welcome mat.
     
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Nov 27, 2003, 01:31 PM
 
I heard it was being exploited by about 3 users. And the 3 billion other Microsoft users failed to notice.

Am I being a little too complacent?

I'm a bird. I am the 1% (of pets).
     
Mac Elite
Join Date: Mar 2001
Location: CO
Nov 27, 2003, 02:34 PM
 
The Apple Doc says,
"Please note that the exploit requires the malicious DHCP server to be located on your local subnet. For typical home network configurations with a broadband (DSL or cable service) modem and a NAT (Network Address Translation) device, such as Apple's Airport, this exploit is not possible.

"If there is a chance that a malicious DHCP server has been injected into your subnet or you are operating on an untrusted network there are two solutions to the potential vulnerability depending on if you are using a directory service.

"No directory service: For users that do not use a directory service you can go into the Directory Access utility and uncheck the "Use DHCP-supplied LDAP Server" option (Figure 1). You are no longer susceptible to this exploit."

I don't know enough to understand all the implications of this. Are they maintaining that using Airport Base Station there is NO risk?

How is an average user like myself supposed to know what "a directory service" is... or whether I am (automatically?) using one?
[When I open the Directory Access utility I notice that "Active Directory" is UNchecked. Does that mean I am in the clear? (The Apple Doc sub-window blocks part of the original window, so I can't even tell where they got the sub-window ???)]

Anyone want to help us non-techies understand the implications of all these complexities?
TOMBSTONE: "He's trashed his last preferences"
     
Senior User
Join Date: Jul 2002
Location: Arizona Wasteland
Nov 27, 2003, 03:39 PM
 
Originally posted by Love Calm Quiet:

I don't know enough to understand all the implications of this. Are they maintaining that using Airport Base Station there is NO risk?
What Apple means is that if the network in front of the ABS is compromised, you cannot be attacked. You can still be attacked if the network within the ABS is compromised. (What Apple means by "If there is a chance that a malicious DHCP server has been injected into your subnet or you are operating on an untrusted network")

What you want to do is launch Applications/Utilities/Directory Services

Click on the little lock icon if it's locked, and provide your admin password.

Click on LDAPv3, configure and uncheck 'Use DHCP-supplied LDAP Server'

Click OK.
     
Mac Elite
Join Date: May 2002
Nov 27, 2003, 10:12 PM
 
Amazingly enough, I'm actually in a situation where it's likely someone will try this exploit on me. Fortunately it's easy to disable, but I don't really think they should have enabled LDAP over DHCP by default in the first place.
[vash:~] banana% killall killall
Terminated
     
All times are GMT -5.
All contents of these forums © 1995-2011 MacNN. All rights reserved.