Question about these vulnerabilities.


frozenINcarbonite

Feb 3, 2007, 11:59:00 PM
to MOAB Fixes
I was just wondering. If one of these remote vulnerabilities were
exploited on a user's machine, would reinstalling OS X fix the
problem? I guess wiping out everything would be the best thing to do
so that any malicious code or backdoors would be erased.

I understand that the vulnerabilities could still be exploited (until
they are patched) after a fresh install. But I just wanted to know if
that would fix the machine (for that instance) if I were to be
exploited.

I hope you guys and girls understand what I'm saying. If not, I'll try
to clear it up.

William A. Carrel

Feb 4, 2007, 3:17:12 AM
to moab...@googlegroups.com
On 2/3/07, frozenINcarbonite <adr...@gosquareone.com> wrote:
>
> I was just wondering. If one of these remote vulnerabilities were
> exploited on a user's machine, would reinstalling OS X fix the
> problem. I guess wiping out everything would be the best thing to do
> so that any malicious code or backdoors would be erased.

Not unless by "reinstall" you mean formatting the drive. Just
overwriting the OS X files wouldn't be sufficient to clean the system
off. As long as the home directory is intact, the user account will
still be just as compromised as it was before, and commands can be
executed to try to escalate privilege again.

There are a variety of methods for the escalation, one that has been
mentioned recently is putting a directory of malware in $PATH before
the normal directories and replacing "sudo" or "ssh" with something
that steals the credentials while otherwise behaving normally.

All this should just serve as additional caution to be careful what
you click on and download since it may not always be trustworthy.

--
wac
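An added example, not code from this thread or from the MOAB project: a POSIX sh script that checks a machine for the $PATH-shadowing setup William describes, where a malware directory is searched before the system directories and carries a trojaned "sudo" or "ssh". It assumes the genuine binaries live in /usr/bin, as on Mac OS X; the function names shadowing_dirs, first_match and audit_path are my own, and the --live switch is an assumption of this script only.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH string for directories
# that are searched before /usr/bin and could therefore shadow sudo or ssh
# with a credential-stealing wrapper. Assumes the genuine binaries are in
# /usr/bin, as on Mac OS X.

# Print every PATH entry searched before /usr/bin that is not itself a
# standard system directory. An empty entry or "." means the current
# working directory, the classic hijack location, so label it explicitly.
shadowing_dirs() {
    _path=$1
    _old_ifs=$IFS
    IFS=:
    for d in $_path; do
        case "$d" in
            /usr/bin) break ;;
            /bin|/sbin|/usr/sbin) continue ;;
            ""|.) printf '%s\n' "(current directory)" ;;
            *) printf '%s\n' "$d" ;;
        esac
    done
    IFS=$_old_ifs
}

# Emulate the shell's lookup of a command name along a PATH string without
# executing anything: print the first executable regular file found.
first_match() {
    _name=$1
    _path=$2
    _old_ifs=$IFS
    IFS=:
    for d in $_path; do
        [ -z "$d" ] && d=.
        if [ -f "$d/$_name" ] && [ -x "$d/$_name" ]; then
            printf '%s\n' "$d/$_name"
            break
        fi
    done
    IFS=$_old_ifs
}

# Report which shadowing directories the current user can write to (a
# drop-in point for malware) and where sudo and ssh would actually resolve.
# Returns 1 if either command would run from somewhere other than /usr/bin.
audit_path() {
    _path=$1
    _bad=0
    shadowing_dirs "$_path" | while IFS= read -r d; do
        if [ "$d" = "(current directory)" ] || [ -w "$d" ]; then
            printf 'WARN: writable directory searched before /usr/bin: %s\n' "$d"
        else
            printf 'info: non-system directory searched before /usr/bin: %s\n' "$d"
        fi
    done
    for name in sudo ssh; do
        found=$(first_match "$name" "$_path")
        case "$found" in
            "/usr/bin/$name"|"")
                printf 'ok:   %s -> %s\n' "$name" "${found:-not found}" ;;
            *)
                printf 'WARN: %s would run from %s, not /usr/bin/%s\n' \
                    "$name" "$found" "$name"
                _bad=1 ;;
        esac
    done
    return $_bad
}

# Run against the live environment with:  sh pathaudit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_path "$PATH"
fi
```

A clean Mac OS X default PATH (/usr/bin first) produces no warnings. A trojaned account typically shows up as a user-writable directory such as ~/.something listed before /usr/bin, plus sudo or ssh resolving into it; checking the shell startup files in the home directory (where that PATH change is usually made) is the natural next step.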

frozenINcarbonite

Feb 4, 2007, 1:46:37 PM
to MOAB Fixes
What I mean by "reinstall" is erasing the drive by zeroing out the
data. Would that be sufficient?

Finlay Dobbie

Feb 4, 2007, 4:24:49 PM
to moab...@googlegroups.com
On 04/02/07, frozenINcarbonite <adr...@gosquareone.com> wrote:
>
> What I mean by "reinstall" is erasing the drive by zeroing out the
> data. Would that be sufficient?

More than. You wouldn't have to zero. Just make sure you erase/format the drive.

-- Finlay

shawnce

Feb 5, 2007, 2:51:45 PM
to MOAB Fixes

Ideally boot such a system from a read-only (e.g. CD, DVD) Mac OS X
install disk and use that to reformat the drive, then install Mac OS
X. Basically you don't want to reinstall from a source that
potentially was compromised.

(ignoring the extreme case of firmware re-flashing)

-Shawn

OldMacFan

Feb 5, 2007, 3:00:50 PM
to MOAB Fixes
An added question about these vulnerabilities in general.

In a case where a group of Macs on a network with internet access uses
non-addressable IPs, is it possible for someone outside the network
to gain access to individual machines? I guess I am lacking a
comprehensive knowledge of how some of these exploits work. In
general, how port-specific are these exploits?

I am sure I am missing something, so feel free to point it out.
