In association with heise online

10 December 2007, 13:31

Apple Leopard crash risk

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to reports, there is a DoS vulnerability in the Apple Leopard operating system which can cause the system to crash. The flaw is an integer overflow in the load_threadstack function in mach_loader.c when processing Mach-O binaries, which can lead to a kernel panic.

Single user systems should not be at risk as the bug can only be exploited by users logged onto a system. The bug does, however, represent a problem on multi-user systems, as an attacker does not require any special privileges to provoke this error. The vulnerability is present in Mac OS X 10.5, 10.5.1 and 10.4.11. No patch is presently available, but an exploit for testing is.

In addition, security website digit-labs.org has reported a DoS vulnerability in the VPN service in Mac OS X 10.5 (vpnd). Specially crafted packets can cause the demon to freeze. A demo for this vulnerability is also available. No patch is available. Users should restrict network access to the VPN service to known VPN clients.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735637
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit