MOAB Fixes Google Group

MOAB 1.1 ties up my system something fierce.

res...@gmail.com (Peter da Silva) — Tue, 30 Oct 2007 18:39:25 UT

This seems to have started happening with the 10.4.10 update, but I
had a bad crash and had to do some file system repair about the same
time so I attacked that first, then followed up on some reported
problems I'd googled in other applications that I was using, and it
took me a while to narrow things down to APE and then MOAB 1.1.

Moab exploit

k.lewbo...@gmail.com (High-Ya) — Sun, 24 Jun 2007 22:54:57 UT

Hi there - I am new to the group - I apparently have the exploit - I
have erased and installed and now having done that - find this on
repair
Permissions differ on ./private/var/log/secure.log, should be -
rw------- , they are -rw-r-----
Owner and group corrected on ./private/var/log/secure.log
Permissions corrected on ./private/var/log/secure.log

Re: [moabfixes] Which bugs are now still open?

land...@macports.org (Landon Fuller) — Fri, 11 May 2007 05:17:47 UT

Howdy,
I believe fixes for all bugs are now released. Today I ran through
the regression tests, installed the new Flip4Mac release, and
disabled the MoAB APE Patch =)
-landonf

Which bugs are now still open?

rmd-onl...@gmx.de (Ralf D.) — Fri, 20 Apr 2007 13:27:19 UT

After the security update 2007-004 from today, which MoAB are still
open and which relevance do they have?

Re: [moabfixes] Mac OS X 10.4.9 and Security Update 2007-003

land...@macports.org (Landon Fuller) — Thu, 15 Mar 2007 01:38:43 UT

Woot.
I pulled the PDF loop patch from the source, since that's now fixed.
I left the SU patch in (and updated the version match), since the bug
isn't actually fixed -- the document binding has just been removed.
-landonf

Mac OS X 10.4.9 and Security Update 2007-003

jens.ay...@gmail.com (Jens Ayton) — Tue, 13 Mar 2007 21:23:38 UT

Mac OS X 10.4.9 and Security Update 2007-003 have been released. Several MOAB
bugs are addressed. The announcement on Apple’s security-announce mailing list
specifically mentions:
MOAB-06-01-2007
MOAB-10-01-2007
MOAB-11-01-2007
MOAB-12-01-2007
MOAB-14-01-2007
MOAB-23-01-2007
MOAB-24-01-2007
MOAB-28-01-2007

Re: [moabfixes] Apple Security Fix 2007-002

jens.ay...@gmail.com (Jens Ayton) — Sun, 18 Feb 2007 18:34:19 UT

albertii:
[link]

Apple Security Fix 2007-002

maccam...@gmail.com (albertii) — Sun, 18 Feb 2007 16:07:25 UT

Hello,
The Apple Security update 2007-002 is suppose to fix some of the MOAB
vurnabilities. However i can't really find which are fixed & which
aren't.
So it would be nice that you add some new articles on your blog site
or over here about which vurnabilities are still unfixed & maybe
update your .ape so it wont patch these fixed components anymore.

Hidden Exploits

estanc...@yahoo.com (EddieS) — Fri, 16 Feb 2007 21:59:53 UT

I was on Macintouch today and saw their note about a wrap-up article
at Infinite Loop. The editors at Macintouch had an editorial note
below their synopsis:
'See also: the original MoAB website (but beware hidden exploits on
their site!),'
Was there more than one hidden exploit at MoAB?
The Safari issue for #29 comes to mind but was curious if anyone ran

Re: [moabfixes] What to do now

land...@bikemonkey.org (Landon Fuller) — Sat, 10 Feb 2007 06:09:56 UT

I will release updates to the MOAB APE as the vendors release
official patches, but there's no harm in leaving the patch installed
-- it will deactivate individual patches automatically as the
software in question is updated.
-landonf

Re: MOAB #29, does it include a Safari denial of service attack?

wm_wa...@hotmail.com — Sat, 10 Feb 2007 04:58:46 UT

Hi!
I don't know, but it caused my Power Mac QuickSilver G4 (10.4.8) to
experience browser lockups no matter what browser I was using. Safari,
Firefox and Camino all died in the same way...a constant beach ball of
death, followed by my forcing the affected browser to quit. This
computer was upgraded to a 1.8GHz CPU and it never came back even

Re: [moabfixes] Re: Software Update bug (#24)

finlay.dob...@gmail.com (Finlay Dobbie) — Fri, 09 Feb 2007 16:57:40 UT

No, this does not happen in the normal operation of software update.
It happens if you download and locally open a corrupt file.
-- Finlay

Re: Software Update bug (#24)

adr...@gosquareone.com (frozenINcarbonite) — Fri, 09 Feb 2007 16:36:34 UT

I have read the advisory, but I don't understand all of that "talk". I
just want to know if I have a clean machine without any other exploits
already on it and I run Software Update, can I be exploited just by
running Software Update? I mean, is every single Mac user who runs
Software Update at risk for being "pwned"?

Re: [moabfixes] Re: Software Update bug (#24)

finlay.dob...@gmail.com (Finlay Dobbie) — Fri, 09 Feb 2007 14:45:45 UT

This is a file handler bug. It relates to downloading & opening a
corrupt .sucatalog file. See the advisory and proof of concept for
more information.
<[link]>
-- Finlay

Re: Software Update bug (#24)

adr...@gosquareone.com (frozenINcarbonite) — Fri, 09 Feb 2007 14:42:33 UT

This Software Bug. Is it a remote exploit?
If you have a clean system and you run Software Update, can your
machine be exploited just because you ran Software Update?