Mac OS X mDNSResponder UPnP IGD Crafted Packet Remote Overflow

ID OSVDB:36967
Type osvdb
Reporter Neil Kettle()
Modified 2007-07-31T17:53:25


Vulnerability Description

A buffer overflow exists in Mac OS X. The mDNS Responder fails to validate UPnP IGD packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X 10.4 - 10.4.10 mDNSResponder UPnP IGD Crafted Packet Remote Overflow


Vendor Specific Advisory URL Security Tracker: 1018488 Secunia Advisory ID:26235 Related OSVDB ID: 36965 Related OSVDB ID: 36971 Related OSVDB ID: 36973 Related OSVDB ID: 36974 Related OSVDB ID: 36963 Related OSVDB ID: 36964 Related OSVDB ID: 36966 Related OSVDB ID: 36968 Related OSVDB ID: 36972 Related OSVDB ID: 36969 Related OSVDB ID: 36970 Related OSVDB ID: 36975 Other Advisory URL: Mail List Post: ISS X-Force ID: 35733 FrSIRT Advisory: ADV-2007-2732 CVE-2007-3744 Bugtraq ID: 25159