| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
On Mon, 01 Dec 2003 16:19:45 +1300, "T.N.O." <> wrote:
>http://www.theregister.co.uk/content/39/34240.html > >"The vulnerability affects Mac OS X 10.2 and 10.3 on both workstation >and servers. Earlier versions of Mac OS X may also be vulnerable. > >Carrel suggests a number of workarounds including preventing any network >authorisation services from obtaining settings from DHCP, as explained here. > >A fix from Apple is not expected before next month at the earliest." From the article on that www site, Posted: 27/11/2003 at 16:22 GMT So it's next month already  |
|
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
Craig Shore wrote:
>>http://www.theregister.co.uk/content/39/34240.html >>A fix from Apple is not expected before next month at the earliest." > From the article on that www site, Posted: 27/11/2003 at 16:22 GMT > So it's next month already heh, I only read it every couple of days... guess I should have checked that before posting it, but I hadn't noticed anyone point it out. |
|
|
|
|
|||
|
Guest
Posts: n/a
|
> http://www.theregister.co.uk/content/39/34240.html
> > "The vulnerability affects Mac OS X 10.2 and 10.3 on both workstation > and servers. Earlier versions of Mac OS X may also be vulnerable. > > Carrel suggests a number of workarounds including preventing any network > authorisation services from obtaining settings from DHCP, as explained here. > > A fix from Apple is not expected before next month at the earliest." Wow, it's next month already  http://docs.info.apple.com/article.html?artnum=32478 Which says effectively if you don't need it, turn it off. AFAIK 10.0,1,2 came out of the box with it turned off. Is it on as default in 10.3? or is this a case of don't turn it on if you don't know what you're doing? & while we're at it this one popped up: http://www.security-corporation.com/...31124-001.html This is a "feature" of Panther 10.3, sudo authentication from the Finder. By default all members of the group "admin" gid 80 are added to /etc/sudoers. If you have "admin" users who you wish not (for whatever reason) to sudo, you must edit /etc/authorization (and /Library/Preferences/com.apple.desktopservices ?) These procedures appear not to be well documented for client desktops ... |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Webbrowser vunerability | Skybuck Flying | Windows 64bit | 1 | 02-09-2011 09:16 PM |
| MS05-004: Path vunerability still present in ASP.NET 2.0 | Richard Eke | ASP .Net Security | 7 | 03-08-2006 02:38 PM |
| FireFox (OSX): No in-page keyboard navigation? | Daniel J. Stern | Firefox | 1 | 12-27-2004 12:15 PM |
| MS jpeg vunerability | Jim Watt | Computer Security | 14 | 10-09-2004 07:48 AM |
| OSX/TB0.7.1 - no sound notification about new email | look^ | Firefox | 1 | 08-26-2004 07:33 AM |
