Vulnerability Note VU#221876
Apple Mac OS X mDNSResponder buffer overflow vulnerability
Apple Mac OS X mDNSresponder contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
mDNS uses IP multicast with DNS to provide the functionality of a DNS server for service discovery in networks that do not have a DNS server. mDNSResponder uses Multicast DNS Service Discovery for service discovery on the local network segment, and Unicast DNS Service Discovery for service discovery outside of the local network.
Bonjour provides zero-confirguation networking for Apple OS X. mDNSResponder is included as a part of Bonjour and runs as a system service. mDNSResponder is a included in OS X and Apple TV.
An attacker may be able to execute arbitrary code with root privileges, or create a denial of service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||25 May 2007|
CVSS Metrics (Learn More)
Thanks to Apple for information that was used in this report. Apple thanks Michael Lynn of Juniper Networks for reporting this issue.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-2386
- Date Public: 24 May 2007
- Date First Published: 25 May 2007
- Date Last Updated: 20 Jun 2007
- Severity Metric: 6.09
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.