Multiple Apple iChat Bonjour DoS conditions - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple Apple iChat Bonjour DoS conditions
Published: 01.02.2007
Source: MOAB
SecurityVulns ID: 7140
Type: client
Level: 5/10
Description: Multiple problems because of insecure dynamic DNS usage.

Affected: APPLE : iChat 3.1
CVE: CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.)
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.)
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.)

Original document MOAB, MOAB-29-01-2007: Apple iChat Bonjour Multiple Denial of Service Vulnerabilities (01.02.2007)

Files: basic proof of concept for Apple iChat Bonjour
Discuss: Read or add your comments to this news (0 comments)