Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow Vulnerability

Bugtraq ID:	22041
Class:	Boundary Condition Error
CVE:	CVE-2007-0236
Remote:	Yes
Local:	No
Published:	Jan 14 2007 12:00AM
Updated:	Mar 14 2007 04:44AM
Credit:	Discovered by LMH <[email protected]>.
Vulnerable:	Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8
Not Vulnerable:	Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9

Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow Vulnerability

Apple Mac OS X AppleTalk is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.

Apple Mac OS X version 10.4.8 is reported vulnerable; other versions may be vulnerable as well.

Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow Vulnerability

A proof of concept that triggers a denial-of-service condition is available.

• /data/vulnerabilities/exploits/MOAB-14-01-2007.c

Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow Vulnerability

Solution:
The vendor has released Mac OS X v10.4.9 to address this issue; please see the references for details.


Apple Mac OS X Server 10.4.8

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.8

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X AppleTalk _ATPsndrsp Function Remote Heap Overflow Vulnerability

References:

• Mac OS X Homepage (Apple)
  
• MOAB-14-01-2007: AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability (LMH )