Apple iChat _presence._tcp Records DoS

2007-01-29T12:00:00
ID OSVDB:32699
Type osvdb
Reporter Lance M. Havok(lmh@info-pull.com)
Modified 2007-01-29T12:00:00

Description

Vulnerability Description

Apple iChat allows a remote denial of service due to permitting the addition of any advertised _presence._tcp records without verifying whether they already exist. The issue can be triggered when a remote malicious user on the same multicast network as other iChat users advertises multiple fake _presence._tcp records. This may lead to the attacker blocking those users from having reliable communications and finding additional peers in the network, resulting in a loss of availability for the iChat service.

Solution Description

Download and install Security Update 2007-002 (PPC) via Software Update preferences, or from Apple Downloads, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): - Do not use iChat with the Bonjour service. or - Disable mDNSResponder using the following (by author): sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist sudo mv /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist \ /Users/Shared/com.apple.mDNSResponder.plist.BACKUP

Short Description

Apple iChat allows a remote denial of service due to permitting the addition of any advertised _presence._tcp records without verifying whether they already exist. The issue can be triggered when a remote malicious user on the same multicast network as other iChat users advertises multiple fake _presence._tcp records. This may lead to the attacker blocking those users from having reliable communications and finding additional peers in the network, resulting in a loss of availability for the iChat service.

References:

Vendor Specific Solution URL: http://www.apple.com/support/downloads/securityupdate2007002ppc.html Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=305102 Security Tracker: 1017661 Secunia Advisory ID:23945 Secunia Advisory ID:24198 Related OSVDB ID: 32715 Related OSVDB ID: 32698 Related OSVDB ID: 32713 Related OSVDB ID: 32714 Other Advisory URL: http://projects.info-pull.com/moab/MOAB-29-01-2007.html Mail List Post: http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html Generic Informational URL: http://developer.apple.com/documentation/Cocoa/Conceptual/NetServices/Articles/about.html Generic Informational URL: http://developer.apple.com/networking/bonjour/index.html Generic Exploit URL: http://projects.info-pull.com/moab/bug-files/MOAB-29-01-2007.rb CVE-2007-0613 Bugtraq ID: 22304