[ISN] Apple's Mac OS X Vulnerable To Networking Exploit

From: InfoSec News (alerts@private)
Date: Wed Feb 27 2008 - 04:06:30 PST


http://www.informationweek.com/news/showArticle.jhtml?articleID=206900323

By Thomas Claburn
InformationWeek
February 26, 2008

The most recent version of Apple's Mac OS X (10.5.2) appears contain a 
security vulnerability that could allow an attacker to crash computers 
on a local or remote network.

Security researcher Neil Kettle of Digit-labs.org on Tuesday posted a 
proof-of-concept exploit that takes advantage of a flaw in the way the 
Apple implements IPv6 support.

Most networks use the IPv4 networking protocol; IPv6 is slowly being 
deployed to provide a larger number of available network addresses, 
improved security, and other features.

In an e-mail, Kettle explained that the bug isn't likely to put home 
users at risk because few of them will be using IPv6 networks.

"In the case of office environments, the bug is more serious since it's 
more likely IPv6 will be supported on the local network," said Kettle. 
"One can easily imagine a single user crashing much (if not nearly all) 
employees' machines at, let's say, Apple Inc."

The bug is also an issue for Mac OS X Server, as more servers provide 
native IPv6. A single user, Kettle said, could significantly affect 
server reliability.

The bug resides in the open source KAME Project's IPv6 implementation, 
which may not properly process IPv6 packets that contain an IP payload 
compression protocol (IPComp) header. Mac OS X is built atop BSD Unix, 
which contains KAME Project code.

Kettle observes that the bug was identified in November and that Apple 
has not acknowledged that Mac OS X is vulnerable. The "very existence of 
this bug is quite indicative of Apple's patching and security 
practices," he said.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Wed Feb 27 2008 - 04:21:55 PST