Month of Apple Bugs - vulnerability in Personal File Sharing
The Mac OS X Personal File Sharing service contains a critical vulnerability. As has now been reported as part of the Month of Apple Bugs, there is a program bug in a component, the Service Protocol Location Daemon (slpd), which can cause a crash as a result of a buffer overflow. According to the discoverers, attackers may also be able to use it to take complete control of a vulnerable system over the network.
A demo exploit attached to the advisory merely crashes a local slpd on Intel Macs running OS X version 10.4.8. The developers specifically state, however, that it may be possible to inject arbitrary malicious code over the network. They do not say whether older OS X versions or systems with PowerPC architectures are affected.
SLP was introduced with Mac OS 8.5 and serves, in the same way as its successor Bonjour, as a directory for network services. Until a patch is available, OS X users should deactivate Personal File Sharing under "Sharing" in the system settings and only activate this service on trusted networks when needed.
See also:
- Apple SLP Daemon Service Registration Buffer Overflow Vulnerability, MoAB advisory on the vulnerability
- The Month of Apple Bugs, overview of all bugs published to date
(ehe)