Full Disclosure mailing list archives

OS X DirectoryService DoS {@stake adv: a041003-1}


From: Neeko Oni <neeko () haackey com>
Date: Tue, 15 Apr 2003 17:06:48 -0700 (PDT)

(Ref: www.atstake.com/research/advisories/2003/a041003-1.txt)
(MacOS X DirectoryService Privilege Escalation and DoS attack)

From the advisory:
In order for an attacker to exploit this vulnerability, they must
first cause DirectoryServices to terminate.  This can be done by
simply connecting to port 625 repeatedly using an automated program. 

Ok, the PATH problem is self-explanatory (and has been exploited once
the DirectoryService process has crashed) but I've had some difficulty
reproducing the DoS attack claim.  I've got a 10.2.4 machine sitting
right next to me, I believe it's a stock install, but DirectoryService
doesn't bind 625.  DirectoryService doesn't bind any ports and
furthermore nothing binds 625 at all.

Has anyone reproduced the DoS in that advisory?


.Neeko Oni [neeko () haackey com]