Existing users, log in.  New users, create a free account.  Lost password?

Mac OS X  |  IT & Network Administration  |  Utility  |  CarrelPatch

CarrelPatch

CarrelPatch - 1.0.1

Script to disable DHCP/LDAP vulnerability

Download Now Download Now

(File Size: 19k)

Free Product Alerts!

Register for free to receive alerts when CarrelPatch is updated.
All Time: Not rated (0.0)
This Version: Not rated (0.0)
Current Version: 1.0.1
Release Date: 2003-12-19
License: Freeware
Downloads (this version): 2,446
Downloads (all versions): 2,448

Information Related to Version:

Broken Link? Newer Version? Tell us!

Product Description:

As reported by William Carrel, at http://www.carrel.org/dhcp-vuln.html, the default setting for LDAPv3 directory access in Panther and earlier versions of Mac OS X creates a potential vulnerability. Apple has released information on a workaround at:
http://docs.info.apple.com/article.html?artnum=32478
This procedure does disable the vulnerability's access point. However, some folks may not be comfortable changing Directory Access settings, or may not want to walk remote users through it.
So, this script does that via UI scripting. Because it has to use UI scripting, it only works on Panther, (that's the only OS release that I can count on having UI scripting installed on.)
You also MUST be able to authenticate as an administrator on any mac you run this on.
So, lets review...to use this script, you MUST:
1) Be running some version of Panther
2) Be an administrator on the machine you run the script on.

What's new in this version:

creeted already good flag so that you don't get erroneous messages if you're ahead of the game.
Thanks to Todd McDaniel for spotting this.

Operating System Requirements:

This product is designed to run on the following operating systems:

  • Mac OS X 10.3

Additional Requirements:

  • Mac OS X 10.3 or higher

Screenshots:

Developer: Submit screenshots for CarrelPatch

Download Links:

Download CarrelPatch Now (File Size: 19k)

Your Installed Versions:


 
Show All Feedback (1)Search FeedbackSearch Feedback

Feedback Summary:

This Version:
Overall Rating: Not rated (0.0) Features: Not rated (0.0) Support: Not rated (0.0)
Ease of Use: Not rated (0.0) Quality / Stability: Not rated (0.0) Price: Not rated (0.0)
Add Your Feedback

Key to Types of Feedback:

ReviewsReviews   TroubleshootingTroubleshooting   Usage TipsUsage Tips   Developer NotesDeveloper Notes   CommentaryCommentary   Featured ReviewsFeatured Reviews

CarrelPatch CommentarySecurity Update out - Version: 1.0.1, 12/20/2003 10:53AM PST

johncwelch
It looks like Apple bundled what this script does into a security update released on the 19th of December.

I would of course encourage all to go apply it.

john
Post a commentAlert Admin