Looks like mixing LDAP w/ DHCP on MacOS X can cause some serious damage: http://www.carrel.org/dhcp-vuln.html
-snip- A malicious individual sets up a laptop with an 802.11b card running in AP mode. The individual then sets up a DHCP server on the laptop to give addresses and ldap-server (DHCP option 95) responses that point to the laptop and a private network. The individual then sets up an LDAP server on the laptop pre-populated with a user account with uid 0 and the ou=macosxodconfig item with the appropriate XML for the field locations. The individual then simply sits back and waits for the DHCP clients to take leases on the wireless network. When they do a simple port scan of the assigned address will reveal any ports that can be taken advantage of. At this point, the individual can install and run any malicious executable desired as uid 0. The malicious individual at this point can turn the 802.11b card in their laptop off and the only trace of their malfeasance on the victim machine is possibly a few lines in the system logs. -snip- - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
