View this article at: http://dev.macnn.com/articles/07/12/10/security.flaws.in.leopard
Monday, Dec 10, 2007 5:25pm

Security flaws surface in L...

A new denial of service (DoS) vulnerability has surfaced in Apple's Mac OS X Leopard operating system that can result in crashes, according to Heise Security. The flaw, which is an integer overflow in the load_threadstack function in mach_loader.c, occurs when processing Mach-O binaries and can lead to a kernel panic. Single user systems should not be at risk, according to the company, but multi-user setups are vulnerable because attackers do not require any special privileges to provoke the error.

Additionally, security website digit-labs.org has reported a DoS vulnerability in the VPN (Virtual Private Network) service in Mac OS X 10.5 where maliciously-crafted packets can cause the service to freeze. Demonstration exploits are available for both flaws, and no patches have been released to correct the problems.