Exploit world!

Macintosh section

Compiled by Fyodor fyodor@insecure.org
on Thu Jan 13 21:41:32 UTC 2000

[Back] to Fyodor's Playhouse


Overflows in various Macintosh mail clients.
Description:Standard overflows.
Author:Chris Wedgwood <chris@CYBERNET.CO.NZ>
Compromise:DOS attack at least, there is at least a possibility of remote code execution (I've never seen this done on a Mac though).
Vulnerable Systems:Macintosh boxes running Stalker Internet Mail Server V.1.6 or AppleShare IP Mail Server 5.0.3 SMTP Server
Date:8 April 1998
Exploit & full info:Available here


ICQ Spoofer
Description:The ICQ protocol is poorly designed and leads to a number of problems. Included in this message is an ICQ spoofer in C, a Perl version, and an ICQ flooder. A sniffer is also included.
Author:Seth McGann <smm@WPI.EDU> and others
Compromise:Harass ICQ users to no end :).
Vulnerable Systems:People running ICQ, mostly windows users. There is probably a Mac client too.
Date:6 April 1998
Notes:All the code is somewhat jumbled together -- I'm sure you can figure it out.
Exploit & full info:Available here


MAC tcp stack syn problem
Description:Apparently some Macintoshes crash from a high rate of TCP SYN packets (IE through a portscan)
Author:nomad@APOLLO.TOMCO.NET
Compromise:crash a mac
Vulnerable Systems:Mac TCP system 7.1 and 7.8
Date:31 August 1997
Notes:According to Jake Luck this problem was solved with OpenTransport 1.2
Exploit & full info:Available here


Netscape gives away user's files!
Description:A hole in the handling of the INPUT TYPE="FILE" tag allows a malicious website operator to download your files (if the filename is known). This apparently works on all platforms, and with Netscape up to Netscape Communicator.
Author:"Paul T. Kooros" <kooros@TITAN.SRRB.NOAA.GOV>
Compromise:Steal people's shit!
Vulnerable Systems:Clients running Netscape Communicator 4.0 and earlier, as well as netscape navigator 3.* and probably earlier. This includes the Windoze, Macintosh, and UNIX platforms.
Date:16 June 1997
Notes:This is a great advisory! Show your thanks by buying his JavaScript book! I would if JavaScript wasn't such a lame language ;).
Exploit & full info:Available here


Macintosh At Ease Apple Share automated login "feature"
Description:By default, At Ease will automate the login process to AppleShare servers, and store the login and password in clear text in the At Ease Preference file. You can usually read this file trivially by exploiting applications (like netscape file:// URLs).
Author:Paul Melson <melson@SCNC.HOLT.K12.MI.US>
Compromise:Unauthorised access to an AppleShare fileserver.
Vulnerable Systems:Macintoshes, running At Ease and using the Auto Login "feature".
Date:21 May 1997
Exploit & full info:Available here


Ping of Death
Description:gazillions of machines can be crashed by sending IP packets that exceed the maximum legal length (65535 octets)
Author:The page included was created by Malachi Kenney. The programs have attribution.
Compromise:Stupid DOS
Vulnerable Systems:I have heard that NT and 95 can actually lock up hard from the programs below. Also, early 2.0.x Linux, Solaris x86, and Macintosh systems are often vulnerable.
Date:21 October 1996 was when this page came up.
Notes:The Ping O' Death page is included first, then comes BSD source code, then comes a version of the above which is modified to compile on Linux 2.X. I also appended jolt.c, which IP spoofs to. Woop!
Exploit & full info:Available here



This page Copyright © Fyodor 1996, 1997, 1998
[Back] to Fyodor's Exploit World main index

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault