
Search: Posts Made By: Hugin777
FTP is still working (albeit slow). And I guess... 81,222 Views / 607 Replies  
FTP is still working (albeit slow). And I guess most will enable automatic opening of "safe" files in Safari again; I know I will.

It seems that the Launch Services database already "knows" the...
Posted by Hugin777, on Jun 7, 2004 at 05:56 PM, in macOS
Re: OS X 10.3.4 is out 81,222 Views / 607 Replies  
AFAIK the telnet: and ssh: exploits have been fixed in 10.3.4, but not any of the three found in this thread.
Posted by Hugin777, on May 27, 2004 at 06:22 AM, in macOS
Re: yet yet yet another 81,222 Views / 607 Replies  
This seems to be fixed in 10.3.4. I know a guy who has it, and he just gets:
We all hope that 10.3.4 is released this week, don't we ? :) (Or, maybe they could include all fixes and release it...
Posted by Hugin777, on May 24, 2004 at 07:56 PM, in macOS
Yes I did. And you are right; Apple has to dig... 81,222 Views / 607 Replies  
Yes I did. And you are right; Apple has to dig into this, not us. We only have to check whether we are safe :)
Posted by Hugin777, on May 24, 2004 at 02:08 PM, in macOS
A nice page. Only protocol that's missing is... 81,222 Views / 607 Replies  
A nice page. Only protocol that's missing is disks:, but I'm not sure how that works anyway.

It could easily be expanded to include the three types of vulnerabilities as well (in your step 2). But...
Posted by Hugin777, on May 24, 2004 at 02:05 PM, in macOS
I have updated my example exploit page... 81,222 Views / 607 Replies  
I have updated my example exploit page (http://ozwix.dk/OpnAppFixer/testit.html) so it's now possible to test Application Code Hijacking.

I didn't succeed in hijacking Mail or HelpViewer, possibly...
Posted by Hugin777, on May 24, 2004 at 09:33 AM, in macOS
To take the last thing first. Try smb: and... 81,222 Views / 607 Replies  
To take the last thing first. Try smb: and webdav: in Safari. They don't work. Only disk:, disks:, ftp:, and afp: are needed (if file: and ssh: are safe, and auto-open is off). Also, Internet...
Posted by Hugin777, on May 24, 2004 at 07:37 AM, in macOS
There seem to be some permission problems; I... 81,222 Views / 607 Replies  
There seem to be some permission problems; I just get: "You don't have permission to access /macsploits/evil.zip on this server."

Please note that smb: and webdav: usually do not work in...
Posted by Hugin777, on May 23, 2004 at 12:43 AM, in macOS
Please note that everyone that hasn't installed... 81,222 Views / 607 Replies  
Please note that everyone that hasn't installed ShapeShifter would be vulnerable to an attack using guikit: as the "fantasy" malware URI scheme ! (Edit: of course, using ftp: to "get in")

Edit 2:...
Posted by Hugin777, on May 22, 2004 at 11:07 PM, in macOS
Sorry. What I (implicitly) meant was: maybe it's... 81,222 Views / 607 Replies  
Sorry. What I (implicitly) meant was: maybe it's just a side effect. Maybe nobody really thought about this.

Maybe I should just shut up now :)
Posted by Hugin777, on May 22, 2004 at 04:15 PM, in macOS
I think it's as simple as Finder showing the FTP... 81,222 Views / 607 Replies  
I think it's as simple as Finder showing the FTP directory... And when Finder shows any directory it apparently updates LaunchServices. Does that make sense ?

But as to fixing this I agree; we...
Posted by Hugin777, on May 22, 2004 at 03:41 PM, in macOS
Perhaps. I don't think this will be fixed for at... 81,222 Views / 607 Replies  
Perhaps. I don't think this will be fixed for at least a week. And (as I argued above) I don't think the risk is all that great.

The vulnerability is very severe. And it's really easy to create an...
Posted by Hugin777, on May 22, 2004 at 03:38 PM, in macOS
Re: Re: Re: Re: Re: Re: Re: Re: Re: Serious Security Flaw in Mac OS X/Safari/Help Viewer 81,222 Views / 607 Replies  
LOL, ok. Here goes:


KrayZ writes:

Then I write: - What I meant was: That is correct. But the automatic registration of URLHelpers (which work for "malware:") will also work for any _local_...
Posted by Hugin777, on May 22, 2004 at 03:18 PM, in macOS
Re: Re: Re: Re: Re: Re: Re: Serious Security Flaw in Mac OS X/Safari/Help Viewer 81,222 Views / 607 Replies  
I think you misunderstood my post. Or I wasn't clear enough.

What I was looking for was protocols that allowed mounting remote directories or remote disk images. FTP is one such example. But as...
Posted by Hugin777, on May 22, 2004 at 02:06 PM, in macOS
Re: Re: Re: Re: Re: Serious Security Flaw in Mac OS X/Safari/Help Viewer 81,222 Views / 607 Replies  
Right. And "malware:" isn't in the list of Protocol Helpers either - and yet Safari launches any Malware application which registers a "malware:" URLHelper ;-)

On my system webdav:, smb:, nfs:,...
Posted by Hugin777, on May 22, 2004 at 12:52 PM, in macOS
Re: Re: Re: Re: Serious Security Flaw in Mac OS X/Safari/Help Viewer 81,222 Views / 607 Replies  
I think the reason for cifs: smb: nfs: and ftps: not working is that the bundles (*.URLMounter) which have registered those URLHandlers aren't apps. So Safari can't do anything with them.

As to...
Posted by Hugin777, on May 22, 2004 at 11:10 AM, in macOS
Secunia has now issued a new advisory... 81,222 Views / 607 Replies  
Secunia has now issued a new advisory (http://secunia.com/advisories/11689/).

I recommend turning off auto-opening of "safe" files, and disabling afp: disk: disks: and ftp:...
Posted by Hugin777, on May 22, 2004 at 10:59 AM, in macOS
Correct. Exactly like the help viewer exploit.... 1,270 Views / 24 Replies  
Correct. Exactly like the help viewer exploit. Just not using the help viewer.
Posted by Hugin777, on May 22, 2004 at 08:49 AM, in macOS
Re: Re: Serious Security Flaw in Mac OS X/Safari/Help Viewer 81,222 Views / 607 Replies  
As far as I can see you only fix help: disk: disks: and telnet: - what about afp: and ftp: ?

Have you tried my exploit example (http://ozwix.dk/OpnAppFixer/testit.html) ? (where you can try ftp:...
Posted by Hugin777, on May 22, 2004 at 08:24 AM, in macOS
You could write an application, launched by... 81,222 Views / 607 Replies  
You could write an application, launched by clicking a link in an email, that sent a similar email to every person Mail.app and/or the AddressBook knows about. And that may be a lot.

But most of...
Posted by Hugin777, on May 22, 2004 at 08:12 AM, in macOS
As far as I can see, you are still vulnerable if... 81,222 Views / 607 Replies  
As far as I can see, you are still vulnerable if using webdav: (and possibly disks: ) and any of the following (with the corresponding App Code):

finger:
netphone:
wais:
whois:
x-netphone:
...
Posted by Hugin777, on May 22, 2004 at 07:51 AM, in macOS
This is the list of common URLHandlers on Mac OS... 81,222 Views / 607 Replies  
This is the list of common URLHandlers on Mac OS X, FYI:

addressbook: Address Book
afp: afp.URLMounter, Finder
aim: iChat
applescript: Script Editor
cifs: smb.URLMounter
daap: iTunes...
Posted by Hugin777, on May 22, 2004 at 06:18 AM, in macOS
Well, yes, but my page is just an example. (Edit:... 81,222 Views / 607 Replies  
Well, yes, but my page is just an example. (Edit: and MindFad may not use Fetch ;) )

I could have used any of afp: disk: disks: ftp: (or whatever)

- I just did a

and this is what it found:
...
Posted by Hugin777, on May 22, 2004 at 05:32 AM, in macOS
Well, I must admit that I really don't consider... 81,222 Views / 607 Replies  
Well, I must admit that I really don't consider the threat to be that high.

And publicizing the new, still unfixed, vulnerability won't do Apple any good. They probably first heard about it from...
Posted by Hugin777, on May 22, 2004 at 03:51 AM, in macOS
Well, yes; relatively :) It won't protect you... 81,222 Views / 607 Replies  
Well, yes; relatively :) It won't protect you against my exploit example (http://ozwix.dk/OpnAppFixer/testit.html) . . .
Posted by Hugin777, on May 22, 2004 at 03:39 AM, in macOS
The telnet: vulnerability has been known for a... 81,222 Views / 607 Replies  
The telnet: vulnerability has been known for a while, but the only thing it can do (AFAIK) is to "empty" files: telnet://-nFilename will create an empty file named Filename in your home directory,...
Posted by Hugin777, on May 21, 2004 at 08:57 PM, in macOS
Right. I edited my post above :) It appears... 81,222 Views / 607 Replies  
Right. I edited my post above :)

It appears that the person that told me about the telnet: fix is running 10.3.4 ;) And when I tested I forgot the // after telnet: . . .

So with 10.3.4 both...
Posted by Hugin777, on May 21, 2004 at 08:41 PM, in macOS
What exactly has been fixed ? ... 81,222 Views / 607 Replies  
What exactly has been fixed ?

help:runscript= is apparently now ignored when originating from browsers.

A line like:

is added to the console.log.

More ?
Posted by Hugin777, on May 21, 2004 at 07:59 PM, in macOS
Re: Re: Re: Re: Re: Re: Telnet exploit 81,222 Views / 607 Replies  
Apple apparently chose your solution to (1) in their just released Security Update to HelpViewer :) That is, "help:runscript=../../Scripts/Info%20Scripts/Current%20Date%20&%20Time.scpt" is just...
Posted by Hugin777, on May 21, 2004 at 07:18 PM, in macOS
Summary of current knowledge 81,222 Views / 607 Replies  
This is the "summary of current public knowledge" I just sent to Apple:

OpnApp.scpt - this is just awful; it gladly runs everything everywhere
help:runscript= - this could just be removed...
Posted by Hugin777, on May 21, 2004 at 05:08 PM, in macOS
Re: Re: Re: Re: Re: Re: Telnet exploit 81,222 Views / 607 Replies  
You are right, of course.

I have updated my (new) exploit example page (http://ozwix.dk/OpnAppFixer/testit.html) with the "ftp:" protocol. Several others are possible, as you mention.

Edit: I...
Posted by Hugin777, on May 21, 2004 at 03:51 PM, in macOS
Re: Re: Re: Re: Telnet exploit 81,222 Views / 607 Replies  
To follow your line of thought, I think you are missing:

4. Stop harvesting Application Codes upon opening of folders/mounting of shares. (to fix "tn3270:")

- But if you have 3. (and disable...
Posted by Hugin777, on May 21, 2004 at 11:37 AM, in macOS
Wishlist for the upcoming fix from Apple 81,222 Views / 607 Replies  
I think my preferred fix would be:

1) do not allow help:runscript= to run anything from /Volumes

2) do not allow the awful OpnApp scripts to open anything from /Volumes (which was my original...
Posted by Hugin777, on May 21, 2004 at 11:20 AM, in macOS
Re: Re: Re: Re: Simple exploit demonstration 81,222 Views / 607 Replies  
Did you remember the : after test ? As in:
test:

Which browser do you use ?
Posted by Hugin777, on May 21, 2004 at 10:28 AM, in macOS
Re: Re: Simple exploit demonstration 81,222 Views / 607 Replies  
LOL - no, actually I can't :)

You could do a web search for Hugin777 (there are only two: one in Iceland and me in Denmark). But that wouldn't help much either.

- But my point was: if you think...
Posted by Hugin777, on May 21, 2004 at 10:16 AM, in macOS
10.3.4 81,222 Views / 607 Replies  
My guess is (I mean: my hope is) that it has been fixed in 10.3.4.

Anyone has 10.3.4 and can check this ? :)
Posted by Hugin777, on May 21, 2004 at 09:47 AM, in macOS
Simple exploit demonstration 81,222 Views / 607 Replies  
As no one has posted a link (to the new exploit) yet, here goes:

Security check (http://ozwix.dk/OpnAppFixer/testit.html)

NOTE: There's no automatic redirection or anything, just click the...
Posted by Hugin777, on May 21, 2004 at 08:58 AM, in macOS
 
All times are GMT -4.