Apple Mac OS X mDNSResponder UPnP IGD buffer overflow

macos-mdnsresponder-upnp-bo (34493)

High Risk

Description:

Apple Mac OS X is vulnerable to a buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code of the mDNSResponder implementation. By sending a specially-crafted packet to a vulnerable system, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

The IBM ISS X-Force analysts have discovered that this vulnerability is only present if the computer has a private ip address per RFC 1918.

Platforms Affected:

• Apple, Mac OS X 10.4
• Apple, Mac OS X 10.4.1
• Apple, Mac OS X 10.4.10
• Apple, Mac OS X 10.4.11
• Apple, Mac OS X 10.4.2
• Apple, Mac OS X 10.4.3
• Apple, Mac OS X 10.4.4
• Apple, Mac OS X 10.4.5
• Apple, Mac OS X 10.4.6
• Apple, Mac OS X 10.4.7
• Apple, Mac OS X 10.4.8
• Apple, Mac OS X 10.4.9
• Apple, Mac OS X Server 10.4
• Apple, Mac OS X Server 10.4.1
• Apple, Mac OS X Server 10.4.10
• Apple, Mac OS X Server 10.4.11
• Apple, Mac OS X Server 10.4.2
• Apple, Mac OS X Server 10.4.3
• Apple, Mac OS X Server 10.4.4
• Apple, Mac OS X Server 10.4.5
• Apple, Mac OS X Server 10.4.6
• Apple, Mac OS X Server 10.4.7
• Apple, Mac OS X Server 10.4.8
• Apple, Mac OS X Server 10.4.9

Remedy:

Apply Apple Security Update 2007-005, available from the Apple Web site. See References.

Upgrade to the latest version of Apple TV (1.1 or later), available from the Apple TV 1.1 Security Update. See References.

Consequences:

Gain Access

References:

• Apple Security Update 2007-005, About Security Update 2007-005 at http://docs.info.apple.com/article.html?artnum=305530.
• Apple TV 1.1 Security Update, About the security content of Apple TV 1.1 at http://docs.info.apple.com/article.html?artnum=305631.
• Apple Web site, Apple security updates at http://docs.info.apple.com/article.html?artnum=61798.
• IBM Internet Security Systems Protection Alert May 24, 2007, Apple Mac OS X mDNSResponder UPnP IGD buffer overflow at http://www.iss.net/threats/264.html.
• BID-24144: Apple Mac OS X 2007-005 Multiple Security Vulnerabilities
• BID-24159: Apple Mac OS X mDNSResponder Remote Buffer Overflow Vulnerability
• CVE-2007-2386: Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
• FrSIRT/ADV-2007-1939: Apple Mac OS X Multiple Remote Code Execution and Privilege Escalation Vulnerabilities
• FrSIRT/ADV-2007-2269: Apple TV Security Update Fixes UPnP IGD Remote Command Execution Vulnerability
• OSVDB ID: 35142: Mac OS X mDNSResponder UPnP Internet Gateway Device (IGD) Packet Remote Overflow
• SA25745: Apple TV UPnP IGD Buffer Overflow Vulnerability
• SECTRACK ID: 1018123: Mac OS X Buffer Overflow in mDNSResponder Lets Remote Users Execute Arbitrary Code
• US-CERT VU#221876: Apple Mac OS X mDNSResponder buffer overflow vulnerability

Reported:

May 24, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page