A new report released by Heise Security states that there is a newly discovered denial-of-service vulnerability in Mac OS X 10.4.11, 10.5 and 10.5.1 that can lead to kernel panics. Those who maintain only a single user on their machines need not worry, as the flaw can only be exploited on multi-user systems. There is currently no patch; one will surely be coming from Apple, and the only question is when.
What follows is the report:
According to reports, there is a DoS vulnerability in the Apple Leopard operating system which can cause the system to crash. The flaw is an integer overflow in the load_threadstack function in mach_loader.c when processing Mach-O binaries, which can lead to a kernel panic.
Single user systems should not be at risk as the bug can only be exploited by users logged onto a system. The bug does, however, represent a problem on multi-user systems, as an attacker does not require any special privileges to provoke this error. The vulnerability is present in Mac OS X 10.5, 10.5.1 and 10.4.11. No patch is presently available, but an exploit for testing is.
In addition, security website digit-labs.org has reported a DoS vulnerability in the VPN service in Mac OS X 10.5 (vpnd). Specially crafted packets can cause the daemon to freeze. A demo for this vulnerability is also available. No patch is available. Users should restrict network access to the VPN service to known VPN clients.
Via [Infinite Loop] and [Heise Security]
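The report names the bug class (an integer overflow while processing a Mach-O thread command) but not the faulty arithmetic. The following is an added illustration, not XNU's code and not taken from the report: an overflow-safe walk over the flavor/count/state records that make up a thread command's payload. The function name, return codes and host-endian reads are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result code (hypothetical name, chosen for this example). */
enum { TS_BAD = -1 };

/*
 * Walk the payload of a Mach-O thread command: a sequence of records,
 * each a 32-bit flavor, a 32-bit count of 32-bit state words, then the
 * state words themselves. buf/len cover only the bytes after the
 * cmd/cmdsize header. Values are read in host byte order (assumption).
 * Returns the number of records, or TS_BAD if any record is malformed.
 */
int walk_thread_states(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int records = 0;

    while (off < len) {
        uint32_t flavor, count;

        /* The record header must fit in the bytes that remain. Compare
         * against (len - off) so no addition can wrap. */
        if (len - off < 2 * sizeof(uint32_t))
            return TS_BAD;
        memcpy(&flavor, buf + off, sizeof flavor);
        memcpy(&count, buf + off + sizeof flavor, sizeof count);
        off += 2 * sizeof(uint32_t);
        (void)flavor; /* a real loader would dispatch on the flavor */

        /* Unsafe pattern: remaining -= count * 4 with the product held
         * in 32 bits, which wraps for large counts and lets "remaining"
         * go wrong. Safe pattern: bound count by division first. */
        if (count > (len - off) / sizeof(uint32_t))
            return TS_BAD;
        off += (size_t)count * sizeof(uint32_t);
        records++;
    }
    return records;
}
```
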