Mac OS-X Admin Service Buffer Overflow

Networking/Security Forums -> Macintosh

Author: RoboGeek
Location: LeRoy, IL
Posted: Wed Mar 24, 2004 1:59 pm
Post subject: Mac OS-X Admin Service Buffer Overflow

The following security advisory can be found at the SecuriTeam web site:

Mac OS-X Admin Service Buffer Overflow Vulnerability


A security vulnerability exists in the admin service of Mac OS-X.
Successful exploitation of the vulnerability will crash the service and if
a specially crafted payload is sent, it can lead to arbitrary code


Vulnerable Systems:
* Mac OS-X server version 10.3

When a very large chunk of data is sent to the GUI admin service (TCP port
660) it will crash the service. This is similar to a classic buffer
overflow vulnerability although as of now there is no exploit code

In order to test for this vulnerability, the following command can be

$ perl -e 'print "A"x2057' | nc <host> 660 -q0

Note that the service will restart after it crashes.

All times are GMT + 2 Hours