Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A little OT: ..and they still didn't fix the mRouter security bug..' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A little OT: ..and they still didn't fix the mRouter security bug..
Authored by: franzgranlund on Apr 18, '05 11:11:45AM

From one thing to another (mRouter is SETSUID);

Why haven't Apple fixed the mRouter security bug?

http://packetstorm.linuxsecurity.com/0501-exploits/fm-iSink.c

I've tried to mail them and I also joined their security mailinglist, but the moderator just rejected my message. ("Your message was deemed inappropriate by the moderator.").

It is really annoying when everyone who has an account on the computer can just copy'n'paste some code into a file, compile it, run it and then have "root" access...



[ Reply to This | # ]
A little OT: ..and they still didn't fix the mRouter security bug..
Authored by: jdb8167 on Apr 18, '05 05:07:03PM

It is easy to fix. Just remove mRouter. You can't remove the whole bundle or change the permissions though. If you remove the whole SymbianConduit.bundle, the next invocation of Software Update wants to replace the whole iSync system. If you change the permissions on mRouter, the repair permissions of HD Utility "fixes". But just removing the file, works fine.

A side note, the problem seems to be gone in Tiger since Apple seems to have changed the whole iSync architecture.



[ Reply to This | # ]
A little OT: ..and they still didn't fix the mRouter security bug..
Authored by: JohnnyMnemonic on Apr 19, '05 07:33:28PM

Fixed in Security Update 2005-004; or at least the description of the fix includes text concerning mRouter and iSync.

Apparently, posting the vuln on /. got someone's attention. Too bad it took that, though.


[ Reply to This | # ]