Apple Mac OS X mDNSresponder contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
mDNS uses IP multicast with DNS to provide the functionality of a DNS server for service discovery in networks that do not have a DNS server. mDNSResponder uses Multicast DNS Service Discovery for service discovery on the local network segment, and Unicast DNS Service Discovery for service discovery outside of the local network.
Bonjour provides zero-confirguation networking for Apple OS X. mDNSResponder is included as a part of Bonjour and runs as a system service. mDNSResponder is a included in OS X and Apple TV.
An attacker may be able to execute arbitrary code with root privileges, or create a denial of service condition.
Thanks to Apple for information that was used in this report. Apple thanks Michael Lynn of Juniper Networks for reporting this issue.
This document was written by Ryan Giobbi.
|Date First Published:||2007-05-25|
|Date Last Updated:||2007-06-20 17:46 UTC|