NUKIDO: Various Local Vulnerabilities in Mac OS X 10.3.x
Several kernel-level bounds-checking vulnerabilities were found during an audit performed by the Immunity team on the recent Darwin kernel xnu517.7.7. These vulnerabilities are mostly in user-to-kernel memory copy operations and in the allocation of kernel memory driven by user-supplied size value(s).
Well, they also included an interesting bug in at(1). Actually, I am still wondering how someone can take advantage of /etc/master.passwd in multi-user mode. The /etc/master.passwd file is consulted when the system is running in single-user mode. At other times this information is handled by lookupd. By default, lookupd gets information from NetInfo, so this file will not be consulted unless someone has changed lookupd’s configuration.
BTW, Mac OS X 10.3.7 is still using a buggy version of sudo. Last week I received a mail reply from the Apple Product Security Team; they said my information has been passed along to their engineering team for further analysis.
