Access to Data on HFS Volumes via HTTP
Here's a solid, current vulnerability for you (current in the sense that it has already been fixed; otherwise it wouldn't be made public). What's interesting about it is that it is a problem in Mac OS that still exists, and that software other than Apache falls for it too. The fix consisted only of Apple changing the configuration file for the bundled Apache; the actual problem still exists in 10.3.8... so much for speed.
------------------------
NetSec Security Advisory
------------------------
VULNERABILITY DETAILS
Name: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
Impact: HIGH
Platform: Apple OS X (Darwin) <= 10.2
Method: Possible unauthorized access to file system data
Identifier: 07012005-01
FORWARD:
In December 2004, NetSec released details of a vulnerability impacting
software running on versions of Apple OS X version 10.2 and greater.
Under OS X, userland applications are presented with two interface
methods to an underlying legacy HFS+ file system: resource and data
streams. Access of the individual streams from a file browser or shell
application permits users with appropriate access rights to retrieve
information from the data fork (content) or resource fork (resources).
The risk associated with any unauthorized file data disclosure to remote
users is often significant. This is because users may access the source
code of server-side interpreted scripts that may contain embedded
database credentials, specify known paths to sensitive files (shell
command history files for example), retrieve hidden files, and otherwise
retrieve arbitrary file content. All of these exploitation scenarios may
bypass default server access controls, unless requests for the data and
resource forks are trapped prior to request forwarding.
Subsequent research and testing conducted by NetSec revealed at least
one method to leverage this 'feature' of the legacy HFS+ driver in OS X:
web services. The default configuration of several web server
applications does not adequately prevent remote access to these
protected file system resources. Testing of other network-enabled
applications did not result in the identification of other vectors;
however, any server application that does not proactively filter requests
for local file system resources may expose underlying HFS+ file systems
to unauthorized remote access.
[...]
The full text can be read at NetSec.
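The advisory's point that fork requests must be "trapped prior to request forwarding" can be sketched as a path filter; this is an added example, not code from the post, the advisory, or Apple's fix. The selector names used (`..namedfork` and a trailing `rsrc` component) are the macOS path conventions for addressing forks and do not appear in the excerpt above; the function names and sample requests are constructed.

```python
from urllib.parse import unquote

# Path components that select a fork of a file rather than naming a file.
# These are macOS path conventions, not values taken from the quoted excerpt.
NAMEDFORK = "..namedfork"
LEGACY_RSRC = "rsrc"


def _decode_fully(path, max_rounds=3):
    """Undo nested percent-encoding so an encoded selector cannot slip past."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise ValueError("too many layers of percent-encoding")


def fork_selector(raw_url_path):
    """Return why a request path addresses an HFS+ fork, or None if it is clean."""
    path_only = raw_url_path.split("?", 1)[0]  # the query string is not a file path
    try:
        path = _decode_fully(path_only)
    except ValueError as exc:
        return str(exc)
    # HFS+ is normally case-insensitive, so compare case-folded components.
    parts = [p.casefold() for p in path.split("/") if p]
    if NAMEDFORK in parts:
        return "named-fork selector in path"
    # Deliberately conservative: also rejects a real file literally named "rsrc".
    if len(parts) >= 2 and parts[-1] == LEGACY_RSRC:
        return "trailing resource-fork selector"
    return None


def screen(paths):
    """Map each request path to 'deny: <reason>' or 'forward'."""
    verdicts = {}
    for p in paths:
        reason = fork_selector(p)
        verdicts[p] = f"deny: {reason}" if reason else "forward"
    return verdicts


if __name__ == "__main__":
    # Constructed sample requests.
    samples = ["/index.php", "/index.php/..namedfork/data",
               "/index.php/%2e%2eNamedFork/rsrc", "/config.inc/rsrc"]
    for path, verdict in screen(samples).items():
        print(f"{verdict:45} {path}")
```

The filter has to run on the decoded, case-folded path before any handler maps the URL to a file; matching the raw request line alone misses the encoded and mixed-case variants.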