
| Subject: | [Full-disclosure] [MU-200611-01] Pre-Authentication Vulnerability in Mac OSX kernel PPP driver |
|---|---|
| Date: | Tue, 28 Nov 2006 23:03:26 +0000 (GMT) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pre-Authentication Vulnerability in Mac OSX kernel PPP driver [MU-200611-01]
November 28, 2006

http://labs.musecurity.com/advisories.html

Affected Product/Versions:

Mac OS X v10.3.9
Mac OS X Server v10.3.9
Mac OS X v10.4.8
Mac OS X Server v10.4.8

Product Overview:

"PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links. The pppd daemon works together with the kernel PPP driver to establish and maintain a PPP link with another system (called the peer) and to negotiate Internet Protocol (IP) addresses for each end of the link. Pppd can also authenticate the peer and/or supply authentication information to the peer. PPP can be used with other network protocols besides IP, but such use is becoming increasingly rare."

Vulnerability Details:

The network kernel extension com.apple.nke.pppoe that works concurrently with the pppd has a critical vulnerability that may lead to arbitrary code execution with system privileges. The vulnerability is triggered by sending a malformed PADI packet with invalid lengths to the ppp daemon. PADI is the first message in a PPPoE link establishment and requires no credentials. In addition, the MAC address of the sender can be spoofed.

Users of PPP who do not create PPPoE connections are not at risk of attack. PPPoE is also not enabled by default.

Vendor Response / Solution:

All users of PPPoE on OS X are recommended to immediately apply the security updates available from the following URL:

http://docs.info.apple.com/article.html?artnum=304829

Mu Security would like to thank Apple for timely remediation of these vulnerabilities.

History:

09/14/06 - First contact with the vendor
11/01/06 - Fix available for the vulnerabilities
11/28/06 - Advisory released

Credit:

This vulnerability was discovered by the Mu Security research team.
http://labs.musecurity.com/pgpkey.txt

Mu Security offers a new class of security analysis system, delivering a rigorous and streamlined methodology for verifying the robustness and security readiness of any IP-based product or application. Founded by the pioneers of intrusion detection and prevention technology, Mu Security is backed by preeminent venture capital firms that include Accel Partners, Benchmark Capital and DAG Ventures. The company is headquartered in Sunnyvale, CA. For more information, visit the company's website at http://www.musecurity.com.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)

iD8DBQFFbK47Ml+docYeP+YRAtYvAJsE0DymOrYWyPL363FyDIen2/B6qgCgk/uU
myV3rI7qnCMdLbJCUjqdPsk=
=Kv1p
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
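The advisory does not say which length field the driver mishandled. As an added example (not part of the advisory, and not Apple's or Mu Security's code), this C function shows the bounds checks that RFC 2516 framing calls for when parsing a PADI: the header length field against the bytes actually received, and each tag length against the remaining payload. All function and constant names are hypothetical, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum padi_status { PADI_OK, PADI_TRUNCATED, PADI_BAD_HEADER,
                   PADI_LEN_OVERRUN, PADI_TAG_OVERRUN, PADI_NO_SERVICE_NAME };

#define PPPOE_HDR_LEN    6       /* ver/type, code, session id, length */
#define PPPOE_CODE_PADI  0x09
#define TAG_END_OF_LIST  0x0000
#define TAG_SERVICE_NAME 0x0101

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* buf: PPPoE header onward (after the 14-byte Ethernet header);
   len: bytes actually received from that point (may include padding). */
enum padi_status padi_validate(const uint8_t *buf, size_t len)
{
    if (len < PPPOE_HDR_LEN)
        return PADI_TRUNCATED;
    if (buf[0] != 0x11 || buf[1] != PPPOE_CODE_PADI || rd16(buf + 2) != 0)
        return PADI_BAD_HEADER;

    size_t left = rd16(buf + 4);          /* untrusted length field from the wire */
    if (left > len - PPPOE_HDR_LEN)       /* claims more than was received */
        return PADI_LEN_OVERRUN;

    const uint8_t *p = buf + PPPOE_HDR_LEN;
    int have_service_name = 0;
    while (left > 0) {
        if (left < 4)                     /* no room for a tag header */
            return PADI_TAG_OVERRUN;
        uint16_t type = rd16(p), tlen = rd16(p + 2);
        p += 4; left -= 4;
        if (tlen > left)                  /* tag value runs past the payload */
            return PADI_TAG_OVERRUN;
        if (type == TAG_END_OF_LIST)
            break;
        if (type == TAG_SERVICE_NAME)
            have_service_name = 1;
        p += tlen; left -= tlen;
    }
    return have_service_name ? PADI_OK : PADI_NO_SERVICE_NAME;
}

/* Constructed sample frames (PPPoE header + tags), not captured traffic. */
const uint8_t padi_good[]    = {0x11,0x09,0,0, 0x00,0x04, 0x01,0x01,0x00,0x00};
const uint8_t padi_big_len[] = {0x11,0x09,0,0, 0xff,0xff, 0x01,0x01,0x00,0x00};
const uint8_t padi_big_tag[] = {0x11,0x09,0,0, 0x00,0x04, 0x01,0x01,0x00,0x40};
```

A frame that fails any of these checks should be dropped before its length fields are used for a copy or an allocation.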