Mac OS-X Admin Service Buffer Overflow

Networking/Security Forums -> Macintosh

Author: RoboGeek    Location: LeRoy, IL    Posted: Wed Mar 24, 2004 1:59 pm    Post subject: Mac OS-X Admin Service Buffer Overflow
    ----
Quote:
The following security advisory can be found at the SecuriTeam web site: http://www.securiteam.com


Mac OS-X Admin Service Buffer Overflow Vulnerability
------------------------------------------------------------------------


SUMMARY

A security vulnerability exists in the admin service of Mac OS-X.
Successful exploitation of the vulnerability will crash the service and if
a specially crafted payload is sent, it can lead to arbitrary code
execution.

DETAILS

Vulnerable Systems:
* Mac OS-X server version 10.3

When a very large chunk of data is sent to the GUI admin service (TCP port
660) it will crash the service. This is similar to a classic buffer
overflow vulnerability although as of now there is no exploit code
available.

In order to test for this vulnerability, the following command can be
used:
Code:

$ perl -e 'print "A"x2057' | nc <host> 660 -q0


Note that the service will restart after it crashes.



All times are GMT + 2 Hours