Dailydave mailing list archives

I love the smell of remote root in the morning


From: "Dave Aitel" <dave.aitel () gmail com>
Date: Fri, 25 May 2007 09:04:27 -0400

Unfortunately, this morning I can't smell anything. I'm supposed to be
helping Kostya teach Unethical Hacking, but instead I'm home sick, coughing
up things from the bottom of the ocean. I'm not checking my corporate email,
because you don't want to be making any decisions on whatever drugs I'm
pumped full of right now. I did check our partner's page out this morning
and I notice there's a new vulnerability in OS X out.

The Apple advisory says: """


  *mDNSResponder*

  CVE-ID: CVE-2007-2386

  Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

  Impact: An attacker on the local network may be able to cause a denial
  of service or arbitrary code execution

  Description: A buffer overflow vulnerability exists in the UPnP IGD
  (Internet Gateway Device Standardized Device Control Protocol) code used to
  create Port Mappings on home NAT gateways in the OS X mDNSResponder
  implementation. By sending a maliciously crafted packet, an attacker on the
  local network can trigger the overflow which may lead to an unexpected
  application termination or arbitrary code execution. This update addresses
  the issue by performing additional validation when processing UPnP protocol
  packets. This issue does not affect systems prior to Mac OS X v10.4.
  Credit to Michael Lynn of Juniper Networks for reporting this issue.


"""

So essentially a reliable remote root on everyone at Starbucks or on all
those OS X fiends at security conventions. The Immunity exploit will do so
on either PPC or Intel, your pick, and since the service restarts, you get
to pick twice. :>

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
