Apple Leopard crash risk
According to reports, there is a DoS vulnerability in the Apple Leopard operating system which can cause the system to crash. The flaw is an integer overflow in the load_threadstack function in mach_loader.c when processing Mach-O binaries, which can lead to a kernel panic.
Single user systems should not be at risk as the bug can only be exploited by users logged onto a system. The bug does, however, represent a problem on multi-user systems, as an attacker does not require any special privileges to provoke this error. The vulnerability is present in Mac OS X 10.5, 10.5.1 and 10.4.11. No patch is presently available, but an exploit for testing is.
In addition, security website digit-labs.org has reported a DoS vulnerability in the VPN service in Mac OS X 10.5 (vpnd). Specially crafted packets can cause the demon to freeze. A demo for this vulnerability is also available. No patch is available. Users should restrict network access to the VPN service to known VPN clients.
- CVE-2007-6261 Integer overflow in the load_threadstack function in the Mach-O loader, security advisory on CVE
- Apple Mac OS X VPND Remote Denial of Service Vulnerability, security advisory on Bugtraq
(mba)