[Dailydave] I love the smell of remote root in the morning

Dave Aitel dave.aitel at gmail.com
Fri May 25 09:04:27 EDT 2007


Unfortunately, this morning I can't smell anything. I'm supposed to be
helping Kostya teach Unethical Hacking, but instead I'm home sick, coughing
up things from the bottom of the ocean. I'm not checking my corporate email,
because you don't want to be making any decisions on whatever drugs I'm
pumped full of right now. I did check our partner's page out this morning
and I notice there's a new vulnerability in OS X out.

The Apple advisory says: """


   *mDNSResponder*

   CVE-ID: CVE-2007-2386

   Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

   Impact: An attacker on the local network may be able to cause a denial
   of service or arbitrary code execution

   Description: A buffer overflow vulnerability exists in the UPnP IGD
   (Internet Gateway Device Standardized Device Control Protocol) code used to
   create Port Mappings on home NAT gateways in the OS X mDNSResponder
   implementation. By sending a maliciously crafted packet, an attacker on the
   local network can trigger the overflow which may lead to an unexpected
   application termination or arbitrary code execution. This update addresses
   the issue by performing additional validation when processing UPnP protocol
   packets. This issue does not affect systems prior to Mac OS X v10.4.
   Credit to Michael Lynn of Juniper Networks for reporting this issue.


"""

So essentially a reliable remote root on everyone at Starbucks or on all
those OS X fiends at security conventions. The Immunity exploit will do so
on either PPC or Intel, your pick, and since the service restarts, you get
to pick twice. :>

-dave