Heise Security reports Leopard crash risk

Posted by Dennis Sellers, Dec 10, 2007 at 8:46am

Heise Security says there’s a DoS vulnerability in Mac OS X 10.5 (“Leopard”) that can cause the system to crash. The flaw is an integer overflow in the load_threadstack function in mach_loader.c when processing Mach-O binaries, which can lead to a kernel panic.

The folks at Heise say that single-user systems should not be at risk, as the bug can only be exploited by users logged onto a system. The bug does, however, represent a problem on multi-user systems, as an attacker doesn’t require any special privileges to provoke this error, they add. The vulnerability is present in Mac OS X 10.5, 10.5.1 and 10.4.11. No patch is presently available, but an exploit for testing is.

In addition, the security web site digit-labs.org has reported a DoS vulnerability in the VPN service in Leopard (vpnd). Specially crafted packets can cause the daemon to freeze. A demo for this vulnerability is also available. No patch is available. Users should restrict network access to the VPN service to known VPN clients.




Contributor


Dennis Sellers

Dennis has been a newspaper editor/reporter (seven years) and teacher (seven years). He has over 10,000 magazine, newspaper and online articles to his credit.  He has also covered the Mac and tech industries for over a decade for such online publications as MacCentral, MacMinute and now MacsimumNews.
