VigiMac » issue http://www.vigimac.com keep an eye on your Mac Sat, 13 Nov 2010 18:27:44 +0000 en hourly 1 http://wordpress.org/?v= ARDAgent security hole with MacOS X 10.5.4 http://www.vigimac.com/2008/07/ardagent-security-hole-with-macos-x-1054/ http://www.vigimac.com/2008/07/ardagent-security-hole-with-macos-x-1054/#comments Mon, 30 Jun 2008 22:57:18 +0000 VigiMac http://www.vigimac.com/?p=28 A security hole has been recently discovered, relayed by all websites of the Mac community. This vulnerability with the ARDAgent program gives access to the root superuser with a simple Applescript command :

$ osascript -e ‘tell app “ARDAgent” to do shell script “whoami”‘
root

If it does not always work with MacOS X 10.5.3 (and previous versions), this security issue is not yet fixed and can appear with the last MacOS X 10.5.4 update.

You’ll find different ways to possibly close this ARDAgent security hole on macosxhints.com, like this command :

$ sudo chmod 755
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

If you use Apple Remote Desktop Admin, this command will avoid ARDAgent to launch.
Remote Desktop Admin will work thanks to this second command line and the issue doesn’t seem to appear anymore.

$ sudo chmod +s
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

]]> http://www.vigimac.com/2008/07/ardagent-security-hole-with-macos-x-1054/feed/ 0