Title: Apple Mac OS X VPND Remote Denial of Service Vulnerability
Severity: MODERATE
Description:
The virtual private network daemon ('vpnd') is a VPN service daemon for L2TP over IPSec or PPTP VPNs.
Apple Mac OS X is prone to a remote denial-of-service vulnerability because 'vpnd' fails to handle malicious network packets. When the daemon processes a malicious packet, an arithmetic exception occurs in the 'accept_connections()' function, causing the daemon to crash.
An attacker can exploit this issue to crash affected computers, denying service to legitimate users.
This issue affects Apple Mac OS X 10.5; other versions may also be affected.
Affected Products:
- Apple Mac OS X 10.5
- Apple Mac OS X 10.5.1
- Apple Mac OS X 10.5.2
- Apple Mac OS X 10.5.3
- Apple Mac OS X Server 10.5
- Apple Mac OS X Server 10.5.1
- Apple Mac OS X Server 10.5.2
- Apple Mac OS X Server 10.5.3
References:
- Apple: About the security content of Security Update 2008-004 and Mac OS X 10.5.4
- Apple: Apple Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
