Mac-OS-X-Server-DirectoryService-Buffer-Overflow
The bug is located in the function 'DSTCPEndpoint::AllocFromProxyStruct' from 'DSTCPEndpoint.cpp'1. An attacker can control both the value of 'inProxyDataMsg-fDataSize' and the data that will be copied. Thus, by sending a huge amount of data and a small buffer size, the service will crash trying ...