ID

VAR-200712-0161

CVE

CVE-2007-6276

TITLE

Apple Mac OS X VPND Remote Denial of Service Vulnerability

DESCRIPTION

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. An attacker can exploit this issue to crash affected computers, denying service to legitimate users. This issue affects Apple Mac OS X 10.5; other versions may also be affected. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to an error within vpnd when handling connections and can be exploited to stop the VPN daemon by sending a specially crafted packet to the service. Other versions may also be affected. SOLUTION: Restrict network access to the VPN daemon to trusted clients. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://milw0rm.com/exploits/4690 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Security Update 2008-004 (PPC): http://www.apple.com/support/downloads/securityupdate2008004ppc.html Security Update 2008-004 (Intel): http://www.apple.com/support/downloads/securityupdate2008004intel.html Security Update 2008-004 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008004serverppc.html Security Update 2008-004 Server (Intel): http://www.apple.com/support/downloads/securityupdate2008004serverintel.html Mac OS X 10.5.4 Combo Update: http://www.apple.com/support/downloads/macosx1054comboupdate.html Mac OS X 10.5.4 Update: http://www.apple.com/support/downloads/macosx1054update.html Mac OS X Server 10.5.4: http://www.apple.com/support/downloads/macosxserver1054.html Mac OS X Server Combo 10.5.4: http://www.apple.com/support/downloads/macosxservercombo1054.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Brian Mastenbrook 4) Andrew Cassell, Marine Spill Response Corporation 8) Alin Rad Pop, Secunia Research 9) Andrew Mortensen, University of Michigan 11) James Urquhart ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2163 OTHER REFERENCES: SA25678: http://secunia.com/advisories/25678/ SA26466: http://secunia.com/advisories/26466/ SA27398: http://secunia.com/advisories/27398/ SA28878: http://secunia.com/advisories/28878/ SA29232: http://secunia.com/advisories/29232/ SA29794: http://secunia.com/advisories/29794/ SA30228: http://secunia.com/advisories/30228/ SA30574: http://secunia.com/advisories/30574/ SA30775: http://secunia.com/advisories/30775/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

digital error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

mu-b mu-b@digit-labs.org

SOURCES

LAST UPDATE DATE

2025-04-10T21:06:51.511000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE