
Mac OS X Cocktail 3.5.4 admin password disclosure

Posted by deepquest on May 1, 2005 – 8:16 am

Cocktail needs administrative privileges, so the user is
prompted for the admin password upon startup. The actual
maintenance is done by command-line utilities that are executed
in an insecure manner: Cocktail creates a new process and
lets /bin/sh pipe the admin password into sudo using echo,
and sudo then executes the utility. The password is therefore
part of the process's command-line arguments, like this:

sh -c echo 'PASSWORD' | sudo -p "" -S sudo update_prebinding -root /

Exploitation:

While Cocktail is waiting for a Unix utility to finish its work, just execute “ps ax” in the terminal and search for the password.

The vendor has been contacted; the new version 3.6 for Mac OS X “Tiger” should have been fixed. I haven’t tested this version, though.

by sonderling
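
The flaw described above next to a safer launch, as an added example that is not part of the original advisory and is not Cocktail's code. It assumes a harmless stand-in child (`read pw; sleep 1`) in place of `sudo -S <utility>`, a constructed secret, and hypothetical function names; it checks whether the secret is visible in the child's public command line.

```python
import os
import subprocess

SECRET = "constructed-demo-secret"   # constructed sample value, not a real password
STAND_IN = "read pw; sleep 1"        # hypothetical stand-in for `sudo -S <utility>`


def visible_args(pid):
    """Command line of pid as any local user sees it (what `ps ax` lists)."""
    proc_file = f"/proc/{pid}/cmdline"
    if os.path.exists(proc_file):                       # Linux
        with open(proc_file, "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace")
    out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],  # macOS / BSD
                         capture_output=True, text=True)
    return out.stdout


def secret_in_process_list(argv, stdin_data=None):
    """Start argv and report whether SECRET appears in its visible arguments."""
    child = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        exposed = SECRET in visible_args(child.pid)
        if stdin_data is not None:
            child.stdin.write(stdin_data.encode())      # secret travels over the pipe only
        child.stdin.close()
    finally:
        child.wait()
    return exposed


def leaky_launch():
    # Pattern from the advisory: the whole shell string, password included,
    # becomes an argument of /bin/sh and stays readable while the child runs.
    return secret_in_process_list(["sh", "-c", f"echo '{SECRET}' | sh -c '{STAND_IN}'"])


def hardened_launch():
    # The parent writes the secret directly to the child's stdin; nothing
    # secret is ever placed in an argument vector.
    return secret_in_process_list(["sh", "-c", STAND_IN], stdin_data=SECRET + "\n")


if __name__ == "__main__":
    print("echo | child exposes secret:", leaky_launch())
    print("stdin pipe exposes secret:  ", hardened_launch())
```
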

