Re: OS X DirectoryService DoS {@stake adv: a041003-1}

["subversive " <subversive () linuxmail org>]

Neeko Oni wrote:

> Ok, the PATH problem is self-explanatory (and has been exploited once
the DirectoryService process has crashed) but I've had some difficulty
> reproducing the DoS attack claim.  I've got a 10.2.4 machine sitting
> right next to me, I believe it's a stock install, but DirectoryService
> doesn't bind 625.  DirectoryService doesn't bind any ports and
> furthermore nothing binds 625 at all.
>
> Has anyone reproduced the DoS in that advisory?

I also read the advisory and of the two MacOS machines that I am able
to access (only one locally) I can confirm that on the machine that
I don't have local access there was a daemon running on port 625 and
as the advisory states I was able to reproduce the DoS attack. I'm 
not sure exactly which version of MacOS X that machine was running
but the daemon did crash and and refuse connection.

On the machine that I know for a fact is 10.2.4 and have local access to,
DirectoryService was setuid root and was running but there was no port
625 open. I haven't port scanned the machine to check other ports yet
so i'm not ruling out the possibility its running on a different port
just yet.

Has anyone else looked into this matter... ?

-subversive
-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html