SecurityFocus

Month of Apple Bugs Dec 19 2006 03:33PM
mfossi securityfocus com (4 replies)

Re: Month of Apple Bugs Dec 20 2006 04:54PM
jot (jot cotse net) (2 replies)

Re: Month of Apple Bugs Dec 20 2006 07:01PM
Mark Senior (senatorfrog gmail com) (2 replies)

Re: Month of Apple Bugs Dec 20 2006 11:32PM
K F $lists$ (kf_lists digitalmunition com)

Re: Month of Apple Bugs Dec 20 2006 10:39PM
Dave Schroeder (das doit wisc edu)

Re: Month of Apple Bugs Dec 20 2006 05:12PM
Dave Schroeder (das doit wisc edu)

Re: Month of Apple Bugs Dec 19 2006 04:56PM
Dave Schroeder (das doit wisc edu) (1 replies)

Re: Month of Apple Bugs Dec 19 2006 07:10PM
K F $lists$ (kf_lists digitalmunition com)

Re: Month of Apple Bugs Dec 19 2006 04:16PM
Philippe Devallois (phdevallois intego com) (3 replies)

Re: Month of Apple Bugs Dec 20 2006 12:51AM
David Fedoruk (david fedoruk gmail com) (1 replies)

Re: Month of Apple Bugs Dec 20 2006 02:39PM
Dave Schroeder (das doit wisc edu)

Re: Month of Apple Bugs Dec 19 2006 07:03PM
david (macosxforme gmail com)

Re: Month of Apple Bugs Dec 19 2006 05:25PM
Dave Schroeder (das doit wisc edu) (1 replies)

On Dec 19, 2006, at 10:16 AM, Philippe Devallois wrote:

>
> On 19 déc. 06, at 16:33, mfossi (at) securityfocus (dot) com [email concealed] wrote:
>
>> Coming to a Mac near you in January...
>>
>> http://blog.washingtonpost.com/securityfix/2006/12/
>> january_2007_month_of_apple_bu.html
>>
>
> Thanks, but before that, you may look at this report:
>
> http://lists.apple.com/archives/macos-x-server/2006/Dec/msg00422.html

And this is useful how?

There is absolutely no information in that post.

Compromises via vulnerable PHP-based web applications where things
end up in /tmp or /var/tmp are ridiculously common, and just as
applicable to Mac OS X as any other platform, and I'd bed nearly
anything that's what this represents, not some scary "new" OS X
compromise. That directory is probably owned by www, and probably
just means this person is running insecure/vulnerable web
applications on his machine.

- Dave0? *?H?÷
?0?10 +0? *?H?÷
?,0?ô0?] DM0
*?H?÷
0S10 UUS10U
Equifax Secure Inc.1&0$UEquifax Secure eBusiness CA-10
050829160720Z
150829160720Z0?10 UUS1+0)U
"Division of Information Technology1#0!UFaculty - Staff - Students1(0&UUniversity of Wisconsin-Madison0?0
*?H?÷
0?èHQÜ%wË ktëùNßM}V?ïÈ¶Â#¹.³S*?¥I|R±%ö3?~?cëG:!+·Ä? ÇL$ò©«
8)?¿.Æ01qL|?I?¿Öm²\×[¼'¯íGÌª»´V ?ëùçe><|¯÷?°
æp;?Ã??£?0?0Uÿ?0U?RRbG,k,¸iñ©7,#$0U
#0?Jx2RÛY6^ßÁ6@jG|L¡0Uÿ0ÿ09U2000. , *?(http://cr
l.geotrust.com/crls/ebizca1.crl0
*?H?÷
%ñDX3wçÖ×ª· ?7kæÞßµ±z°c_?+åLÓPpGOsÉ>Ù¬ÐDÓ±Ü-++?ü}£Z??d£Áù'öTï¡*)ÿw~G²?¨ø
Oµö¬U~ºbSJh,óN¨GTaßs\ÇDØéR#êeb¨Åg0?00??
0
*?H?÷
0?10 UUS1+0)U
"Division of Information Technology1#0!UFaculty - Staff - Students1(0&UUniversity of Wisconsin-Madison0
060921213052Z
070921213052Z0¾10 UUS10U Wisconsin10UMadison1(0&U
University of Wisconsin-Madison1#0!UFaculty - Staff - Students10UDavid Schroeder1 0 *?H?÷
das (at) doit.wisc (dot) edu0 [email concealed]?0
*?H?÷
0????èöÆ?³G¡J[¨×
Qò?sJ?'Uî.øë
ÂC«ÓmÂ?5(¢?äðÛ¢1?Hµ8iä¬C°«é£ Ê¢4ÝsR|F?Sû?©¶2±ï?Æ?´zó?¬ÿPïí?ð?ÖÜ5àò?Ý?ÕÍnæ?y
>ªÛ% ?ä¹£p0n0Uÿà0;U40200 . ,?*http://crl.geotrust.com/cr
ls/wisconsin.crl0U#0??RRbG,k,¸iñ©7,#$0
*?H?÷
¯?Ïè®`:ÍDD?¼7µ(?AÞÈæZ_?ÙxmæÀ!ÖÓr?óÌ~X²8Æ¯â"ô0%¶Â¸:Â!Í?ü?KË
CÏ?6õëÒ?5Ñ¬?
:Ñat¡q"ÙöïÍA???±},ßª&KÐ]9ev¬ëgxDEåð·Ë1?â0?Þ00?10 UUS1+0)U
"Division of Information Technology1#0!UFaculty - Staff - Students1(0&UUniversity of Wisconsin-Madison
0 + ?§0 *?H?÷
1 *?H?÷
0 *?H?÷
1
061219172526Z0# *?H?÷
1?ÁßKì^?¢Àc?{3Ï?9í0¡ +?71?00?10 UUS1+0)U
"Division of Information Technology1#0!UFaculty - Staff - Students1(0&UUniversity of Wisconsin-Madison
0£*?H?÷
1? 0?10 UUS1+0)U
"Division of Information Technology1#0!UFaculty - Staff - Students1(0&UUniversity of Wisconsin-Madison
0
*?H?÷
?}¶£(`Tç?}Dd`1v=ÄdÙß&?CD?9[N?£?Ûø7êÌM²m¢?O-ãç?0??è<À*b¢Ø?ád ²?8>ôrÀÐÊý«Ó¨Rt\Ð+§IV?×?gtºÀMãÅ_ª×#?sÕ?óûÌâ1YKÓ°óùül?ÁÏ

[ reply ]

Re: Month of Apple Bugs Dec 19 2006 05:58PM
Philippe Devallois (phdevallois intego com)

Re: Month of Apple Bugs Dec 19 2006 04:07PM
david (macosxforme gmail com)