OSVDB ID: 32713 Title: Apple iChat Improper TXT Key Hash Handling DoS |
Info |
|
|
Dates |
||||
|
|
Description |
Apple iChat improperly parses TXT key hashes which may allow a remote denial of service. The issue is triggered when the Apple iChat Agent receives a specially crafted TXT key hash via Bonjour triggering a NULL pointer dereference and resulting in a loss of availability for the iChat service. |
Classification |
Location:
Remote / Network Access
Attack Type: Denial of Service Impact: Loss of Availability Exploit: Exploit Public Disclosure: OSVDB Verified |
Solution |
Download and install Security Update 2007-002 (PPC) via Software Update preferences, or from Apple Downloads, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): - Do not use iChat with the Bonjour service. or - Disable mDNSResponder using the following (by author): sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist sudo mv /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist \ /Users/Shared/com.apple.mDNSResponder.plist.BACKUP |
Products |
|
References |
|
Credit |
|
info-pull.com -