http://www.macnn.com/articles/02/02/20/dns.vulnerability/

DNS Vulnerability can crash Mac OS 9, Classic

updated 02:50 pm EST, Wed February 20, 2002


Jason Linhart of Summary.net reports on a DNS vulnerability in Mac OS 9 (and Classic) that could cause the system to crash when performing a reverse DNS lookup of a specific range of IPs.



If you do a reverse DNS lookup on this IP address, "206.207.151.40", under MacOS
9.x the machine will crash. This is true regardless of what program you use to
do the lookup (OTTool, Interarchy <http://www.interarchy.com/>, DNSTran <http://summary.net/soft/dnstran.html>, etc).

Remember to save your work before testing this for yourself!

This bug can be used to crash a Macintosh acting as a server, if DNS lookups are
enabled on the server. Anyone accessing such a site from that address will crash
the server. Looking up this address using a Classic application running under
MacOS X will crash Classic, although the rest of OS X will continue normally.

The DNS server responsible for this address is returning a slightly invalid
packet, but the machine shouldn't crash! Lookups of this address on MacOS X,
Windows, Linux, etc work normally.

I reported this problem to Apple on January 19th as bug #2844306, and it is also
listed under Radar ID 2846222. No information about a resolution, work around,
or patch has been forthcoming from Apple.

WhatRoute http://www.whatroute.net/
does not crash when looking up this address. It apparently does not use the
standard system call to do its lookups.

Users of my products have reported that 206.98.128.14, 206.207.48.173, and
206.207.48.194 will also crash the Mac.

Jason


by MacNN Staff


Comments

  1. paulvail

    Fresh-Faced Recruit

    Joined: Feb 2002

    0

    more bad reverse DNS news

    We've found yet another bad IP related to the above report: The offending IP address is 206.207.48.198.

    paul vail
    rduonline.com - webhosting

  1. jared.williams

    Joined:

    0

    hmm...

    Are these root DNS servers?

  1. ducasi

    Junior Member

    Joined: Jun 2001

    0

    Here's why...

    For a couple of the addresses noted above, a reverse lookup of the name, instead of returning a "PTR" record with a name, returns an "A" record with another IP number.

    This suggests a configuration problem for these DNS servers. Of course, the Mac shouldn't crash as a result.

    The other addresses I tried did not appear to have a name associated with them, but maybe there is some other configuration problem on the DNS server being queried that confuses the poor Mac.

    Perhaps it would be easier to get the admin of gesd.k12.az.us, et al, to fix their DNS.

  1. rikfox

    Joined:

    0

    Funnel Web Analyzer

    Users have reported this issue affecting our product, Funnel Web Analyzer also. We have no fix for the problem at present, the issue is with a Mac OS library and we can't fix that. However, adding filters for the offending IP addresses should work fine, as this will exclude them from analysis.

    Richard
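
ducasi's comment above observes that some of these reverse lookups return an "A" record where a "PTR" record is expected. The following Python parser is an added example (not part of the article or the thread, and not Apple's resolver code) showing how a client can bounds-check every length field in a DNS reply and accept only a PTR answer to a PTR question. The sample packet is constructed, 192.0.2.1 is a placeholder address, and all function names are hypothetical.

```python
import struct
TYPE_A, TYPE_PTR = 1, 12

class MalformedResponse(ValueError):
    """Raised instead of reading past the end of the packet."""

def skip_name(buf, off):
    """Return the offset just past an encoded name."""
    while True:
        if off >= len(buf):
            raise MalformedResponse("name runs past end of packet")
        length = buf[off]
        if length == 0:
            return off + 1
        if length >= 0xC0:  # 2-byte compression pointer ends the name;
            return off + 2  # callers check the new offset against len(buf)
        if length > 63:
            raise MalformedResponse("reserved label type")
        off += 1 + length

def answer_types(buf):
    """Return (qtype, answer RR types), checking every length field."""
    if len(buf) < 12:
        raise MalformedResponse("short header")
    qdcount, ancount = struct.unpack("!HH", buf[4:8])
    off = skip_name(buf, 12)
    if qdcount != 1 or off + 4 > len(buf):
        raise MalformedResponse("bad or truncated question")
    qtype = struct.unpack("!H", buf[off:off + 2])[0]
    off, types = off + 4, []
    for _ in range(ancount):
        off = skip_name(buf, off)
        if off + 10 > len(buf):
            raise MalformedResponse("truncated record header")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10 + rdlen
        if off > len(buf):
            raise MalformedResponse("RDLENGTH exceeds packet")
        types.append(rtype)
    return qtype, types

def usable_ptr_answer(buf):
    """True only if a PTR question received at least one PTR answer."""
    qtype, types = answer_types(buf)
    return qtype == TYPE_PTR and TYPE_PTR in types

# Constructed sample, not a capture: PTR question answered with an A record.
QNAME = b"".join(bytes([len(p)]) + p.encode() for p in "40.151.207.206.in-addr.arpa".split(".")) + b"\0"
BAD_REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QNAME + struct.pack("!HH", TYPE_PTR, 1)
             + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

A caller treats `usable_ptr_answer(BAD_REPLY)` returning False, or a `MalformedResponse`, as "no name available" and keeps running.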
