The admin service on Mac OS-X, which runs on port 660, has a buffer overflow vulnerability.
482c55a3dd124804fd01164bf03aea33dfda82b3251f554ad7338459e27e23d4
I discovered that by netcatting/telneting/otherwise sending 2057 A's to port 610 (pss editor: 660)(admin service) of an osx server box that the serivce will crash and restart. I infered that the buffer must be set at 2056 charactors. I was only able to test this on one box, and I was not able to get on it and dump memory, etc as it was a friends. A was also unable to make a shellcode for this, but that's because of my not-quite-elite knowlage, not that it's impossible.
I notified Mac about 4 weeks ago, no response and no patch.
Thanks and sorry I can't give more info,
-Jack C ("crEp")
crep@triviasecurity.net
http://www.crepinc.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed