updated 02:50 pm EST, Wed February 20, 2002
Jason Linhart of Summary.net reports on a DNS vulnerability in Mac OS 9 (and Classic) that could cause the system to crash when performing a reverse DNS lookup of a specific range of IPs.
If you do a reverse DNS lookup on this IP address, "18.104.22.168", under MacOS
9.x the machine will crash. This is true regardless of what program you use to
do the lookup (OTTool, href="http://www.interarchy.com/">Interarchy, href="http://summary.net/soft/dnstran.html">DNSTran, etc).
Remember to save your work before testing this for yourself!
This bug can be used to crash a Macintosh acting as a server, if DNS lookups are
enabled on the server. Anyone accessing such a site from that address will crash
the server. Looking up this address using a Classic application running under
MacOS X will crash Classic, although the rest of OS X will continue normally.
The DNS server responsible for this address is returning a slightly invalid
packet, but the machine shouldn't crash! Lookups of this address on MacOS X,
Windows, Linux, etc work normally.
I reported this problem to Apple on January 19th as bug #2844306, and it is also
listed under Radar ID 2846222. No information about a resolution, work around,
or patch has been forthcoming from Apple.
does not crash when looking up this address. It apparently does not use the
standard system call to do it's lookups.
Users of my products have reported that 22.214.171.124, 126.96.36.199, and
188.8.131.52 will also crash the Mac.