[MacTUG] Security flaws surface in Leopard, VPN

Marlon A. Griffith m3griffi at engmail.uwaterloo.ca
Tue Dec 11 16:39:58 EST 2007


A new denial of service (DoS) vulnerability has surfaced in Apple's Mac OS X Leopard operating system that can result in crashes, according to Heise Security. The flaw, which is an integer overflow in the load_threadstack function in mach_loader.c, occurs when processing Mach-O binaries and can lead to a kernel panic. Single-user systems should not be at risk, according to the company, but multi-user setups are vulnerable because attackers do not require any special privileges to provoke the error.

Additionally, security website digit-labs.org has reported a DoS vulnerability in the VPN (Virtual Private Network) service in Mac OS X 10.5 where maliciously crafted packets can cause the service to freeze. Demonstration exploits are available for both flaws, and no patches have been released to correct the problems.

http://www.macnn.com/articles/07/12/10/security.flaws.in.leopard/

