toggle

AAPL Stock: 562.29 ( -3.03 )

Exploit surfaces for ftpd in Mac OS X

updated 05:40 pm EST, Tue December 5, 2006

ftpd exploit surfaces


A vulernability has surfaced in ftpd -- a file transfer server that comes bundled with Mac OS X -- that could allow an attacker to gain complete control of the affected Mac. The vulnerability is caused by a boundary error in ftpd when handling commands with globbing characters such as '*,' and is exploitable to produce a buffer overflow which could lead to arbitrary code execution. The vulnerability is reported in Mac OS X 10.3.9 and Mac OS X 10.4.8, but Secunia notes that other versions of Apple's operating system may also be vulnerable. Users running ftpd under Mac OS X can prevent exploitation by granting only trusted users access to the server, which is disabled by default. Note that users who have enabled ftpd are immune to this hole until they enable the service.


by MacNN Staff

print
email
(7)

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. Horsepoo!!!

    Banned

    Joined: Jun 2003

    0
    12/05, 05:46pm | report spam | Reply |

    Rich...

    ...if you grant FTP access to strangers, they may be able to take over your computer. News at 11...today, tomorrow and all week.

  1. adrian_milliner

    Fresh-Faced Recruit

    Joined: Jun 2005

    0
    12/05, 06:00pm | report spam | Reply |

    anyone using ftpd...

    ...in an environment where remote secure access is important, deserves everything they get.

    many more options, not least of which is sshd

  1. ClickSpace

    Fresh-Faced Recruit

    Joined: Mar 1999

    0
    12/05, 09:20pm | report spam | Reply |

    sshd not jailed

    But it's not easy to setup a chroot jail with sshd.

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0
    12/05, 11:55pm | report spam | Reply |

    Re: rich and anyone

    ..if you grant FTP access to strangers, they may be able to take over your computer. News at 11...today, tomorrow and all week.

    Since you seem to think this is a no-big-deal, how exactly does allowing FTP access to your computer normally allow people to take over your computer?

    ..in an environment where remote secure access is important, deserves everything they get.

    Right, but what if remote secure access isn't important, but remote access is?

    And if FTP is such a whopping security hole you all claim it is, then why does Apple even include it in the system? Wouldn't the company concerned about our security not even include it as an option (or at least remove it from the list of services in the preferences screen???)

  1. gskibum3

    Fresh-Faced Recruit

    Joined: Nov 2006

    0
    12/07, 10:16am | report spam | Reply |

    Not Again

    Louzer, a few points.

    Here you go again, over hyping a theoretical exploit released by secutiry "experts."

    1. How many people do you, the self appointed security expert at MacNN Forums, suppose enable FTP at all?

    2. Allowing anonymous log-in is insecure. Is there anyone on the planet that doesn't know this?

    3. Is Apple to not include industry standard services because they may be theoretically exploitable? Heck, they might as well not include an HTTP browser or e-mail software! Heck, let's just get rid of ethernet ports and wireless cards!

    4. Once again, I would love to see you or anyone you know actually demonstrate this or any of the "exploits" you hype in a real world setting. Go ahead. Find that Mac running FTP with anonymous log-in enabled and take full control over it. Put your dream world money where your dream world mouth is.

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    12/07, 10:34pm | report spam | Reply |

    yes again

    louzer made good points.

    1. Apple includes FTP on their client machines. Therefore anybody could enable it. But even more important, they include it in their server product. If Mac OS X is to be taken seriously as a server/enterprise platform then vulnerabilities like this shouldn't be taken with a grain of salt. Even with SSH's emergence FTP is BY LARGE the #1 file transfer protocol. IT administrators will look at Apple's vulnerability count and response time for security patches before evaluating if Mac OS X is a secure platform that can be deployed cheaply. And while we're on this point let's remind people that just because it's in FTPd, that doesn't mean it's not Apple's fault. Apple typically uses very old distributions of open source utilities it includes in the OS distribution. Go to WWDC and you'll hear people whine how such-and-such utility is 3 years behind what's included in Linux and FreeBSD. That's because Apple maintains their own code base so that they can make programs like sshd and ftpd integrate with Mac OS X-only services like launchd. So when a security vulnerability is released, it's harder for Apple to scramble and release a fix. Which brings me to another point: Apple is typically very slow in releasing patches. Many zero-day exploits are actually fixed in a day or two in open source programs, but Apple takes two, three or even four weeks to release a patch. It's unbelievable and as an IT administrator it's inexecusable.

    2. Anonymous log-in is not insecure. Properly used it is how many people on the planet transfer files. It's been around for ages. By your thinking guest access in Apple File Sharing is dangerous, even though it's enabled by default in Mac OS X client. And I'm willing to bet a fair number of people use Apple File Sharing.

    3. I'm tired of hearing people complain that all these vulnerabilities just have the "potential" to do harm. Releasing code (e.g. an EXPLOIT) that proves so is a not only amoral, but in some cases is a felony (computer crime). Any security company like F-Secure would be insane to prove a vulnerability is exploitable using actual code; they'd be committing suicide. Especially since Apple is quite touchy; they'd probably be the first to sue if such code were posted.

    And since I'm already being bitchy: MacNN, it's a VULNERABILITY, not an EXPLOIT that has surfaced. If an exploit had surfaced, this would be a huge deal. There is a big difference.

  1. gskibum3

    Fresh-Faced Recruit

    Joined: Nov 2006

    0
    12/10, 06:19pm | report spam | Reply |

    Potential?

    fubar, you sound as though the reason nobody ever succeeds at exploiting Macs is because it's against the law.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News