Apple Fun: MOAB-17-01-2007: Apple SLP Daemon Service Registration Buffer Overflow Vulnerability

Wednesday, January 17, 2007

MOAB-17-01-2007: Apple SLP Daemon Service Registration Buffer Overflow Vulnerability

slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.

For further information:

Apple SLP Daemon Service Registration Buffer Overflow Vulnerability
Proof of concept: MOAB-17-01-2007.rb

This issue was reported to Apple on 8/2/06 5:31 PM.

2 comments:

Anonymous said...: Is 8/2/2006 August or February? (guessing the former?); January 18, 2007 at 4:47 PM
Anonymous said...: August; January 19, 2007 at 2:09 PM