OS X, Apache Security Hole Discovered
by , 2:00 PM EDT, June 13th, 2001
For years, Mac users were able to more or less ignore many of the virus and security risks that existed in the Windows and Unix worlds. OS X has changed that, and combined with the growing number of "always on" broadband connections, Mac users have to take more security precautions now than ever before.
With that said, a new security hole has been identified with OS X and the built-in Apache Web server. Due to the way that Apache handles commands, and the HFS+ disk structure of most OS X-enabled Macs, not all private files on a machine are safe. According to SecurityFocus.com:
A vulnerability exists when Apache webserver is used with Mac OS X Client.
The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests that match filters exactly (including case), but it will not filter requests made with mixed or upper case characters. Since HFS+ is case insensitive, these requests will result in the "filtered" files being disclosed.
The impact is that arbitrary privileged files may be disclosed to unprivileged remote users.
You can find more information by going to the SecurityFocus.com Web site, and then clicking on "Vulnerabilities," and then "Advisories." You will see the "MacOS X Client Apache File Protection Bypass Vulnerability" advisory listed, and you can get more information from there.
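The mismatch the advisory describes, as an added illustration that is not code from this article, SecurityFocus or Apache: a case-sensitive deny filter sits in front of a simulated case-insensitive volume, next to a filter that folds case before comparing, plus an audit that lists requests the filter let through. The paths, the deny rule, the class and function names, and the use of Python's casefold() as a stand-in for the filesystem's case folding are all assumptions made for the example.

```python
# Added illustration; every path, name and file body here is constructed.
PROTECTED_PREFIXES = ["/private/"]  # hypothetical deny rule
SAMPLE_FILES = {"/private/notes.txt": "secret", "/public/index.html": "hello"}
SAMPLE_REQUESTS = ["/private/notes.txt", "/Private/notes.txt",
                   "/PRIVATE/NOTES.TXT", "/public/index.html"]


class CaseInsensitiveVolume:
    """Stand-in for a case-insensitive volume; casefold() approximates
    the filesystem's own case-folding rules."""

    def __init__(self, files):
        self._files = {p.casefold(): body for p, body in files.items()}

    def read(self, path):
        return self._files.get(path.casefold())


def filter_case_sensitive(path):
    """The mismatch: an exact, case-sensitive prefix comparison."""
    return not any(path.startswith(p) for p in PROTECTED_PREFIXES)


def filter_case_folded(path):
    """Hardened form: fold both sides the way the volume resolves names."""
    folded = path.casefold()
    return not any(folded.startswith(p.casefold()) for p in PROTECTED_PREFIXES)


def serve(volume, path, allow):
    """Return (status, body) as a file-serving handler would."""
    if not allow(path):
        return 403, None
    body = volume.read(path)
    return (200, body) if body is not None else (404, None)


def audit(volume, requests, allow):
    """List requests that were served although they resolve to a protected path."""
    return [p for p in requests
            if serve(volume, p, allow)[0] == 200 and not filter_case_folded(p)]


if __name__ == "__main__":
    vol = CaseInsensitiveVolume(SAMPLE_FILES)
    for name, flt in [("case-sensitive", filter_case_sensitive),
                      ("case-folded", filter_case_folded)]:
        print(name, "filter leaks:", audit(vol, SAMPLE_REQUESTS, flt))
```

The same audit idea applies to access logs: any successful response whose path matches a protected rule only after case folding is worth reviewing.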
