Severity (1) MODERATE:
Apple MacOS X DHCP Response Root Compromise
Affected Products:
MacOS X version 10.2-10.3
MacOS X Server version 10.2-10.3
Description:
MacOS X is reported to contain a vulnerability in the handling of DHCP responses. The problem arises because MacOS X trusts the LDAP and NetInfo server information supplied in a DHCP response from any DHCP server. The flaw can be exploited by an attacker running a malicious DHCP server to obtain root privileges on MacOS X systems. The attacker may need to wait for the MacOS X system to reboot before the vulnerable settings take effect. The posted advisory shows how to configure a malicious DHCP server and LDAP server to exploit the flaw. Note that MacOS X attempts to negotiate DHCP on all available interfaces, including wireless interfaces.
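The weak point described above is that directory-service settings arrive inside an unauthenticated DHCP reply. From a monitoring standpoint, the useful check is whether DHCP OFFER/ACK messages on a segment carry LDAP or NetInfo options at all, since a legitimate network that does not use them should never emit them. The following Python is an added example, not code from the advisory or from Apple: it parses the DHCP options field and flags directory options in server replies. The option codes are taken from the IANA BOOTP/DHCP option registry (95 = LDAP, 112 = NetInfo parent server address, 113 = NetInfo parent server tag); that these are the exact options the client consumed is an assumption here. The sample packets are constructed for the example, not captures.

```python
"""Flag DHCP replies that carry LDAP/NetInfo configuration options.

Added example for the advisory above; not code from the advisory or Apple.
Option codes are assumed from the IANA BOOTP/DHCP registry: 95 = LDAP,
112 = NetInfo parent server address, 113 = NetInfo parent server tag.
All packets below are constructed test data, not captures.
"""
from typing import Dict, List, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END, OPT_MESSAGE_TYPE, OPT_SERVER_ID = 0, 255, 53, 54
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
# Directory-service options: a client that applies these from an
# unauthenticated DHCP reply lets any DHCP responder pick its auth source.
DIRECTORY_OPTIONS = {95: "LDAP server", 112: "NetInfo parent server address",
                     113: "NetInfo parent server tag"}


def parse_dhcp_options(payload: bytes) -> Dict[int, bytes]:
    """Return {option code: value} from a DHCP message (the UDP payload).

    Malformed or truncated option fields end parsing instead of raising,
    so a hostile packet cannot crash the monitor.
    """
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return {}  # 236-byte BOOTP header must be followed by the cookie
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            break  # length byte missing
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            break  # value runs past the end of the packet
        options.setdefault(code, value)  # keep first; RFC 3396 splitting not handled
        i += 2 + length
    return options


def _ipv4_list(raw: bytes) -> str:
    return ",".join(".".join(str(b) for b in raw[j:j + 4]) for j in range(0, len(raw), 4))


def find_directory_options(payload: bytes) -> List[str]:
    """Describe each LDAP/NetInfo option found in a DHCP OFFER or ACK."""
    options = parse_dhcp_options(payload)
    mt = options.get(OPT_MESSAGE_TYPE, b"")
    mtype = MESSAGE_TYPES.get(mt[0], "UNKNOWN") if mt else "UNKNOWN"
    if mtype not in ("OFFER", "ACK"):
        return []  # only server replies configure the client
    sid = options.get(OPT_SERVER_ID, b"")
    server = _ipv4_list(sid) if len(sid) == 4 else "unknown"
    findings = []
    for code, name in DIRECTORY_OPTIONS.items():
        if code in options:
            raw = options[code]
            shown = _ipv4_list(raw) if code == 112 and raw and len(raw) % 4 == 0 \
                else raw.decode("ascii", "replace")
            findings.append(f"{mtype} from {server}: option {code} ({name}) = {shown}")
    return findings


def build_dhcp_message(options: List[Tuple[int, bytes]]) -> bytes:
    """Build a minimal BOOTREPLY-style DHCP message (constructed test data)."""
    header = bytearray(236)
    header[0], header[1], header[2] = 2, 1, 6  # op=BOOTREPLY, htype=Ethernet, hlen=6
    body = bytearray(MAGIC_COOKIE)
    for code, value in options:
        body += bytes([code, len(value)]) + value
    body.append(OPT_END)
    return bytes(header + body)


# Constructed: an ACK that hands out only addressing information
BENIGN_ACK = build_dhcp_message([(53, b"\x05"), (54, bytes([192, 0, 2, 1])),
                                 (1, bytes([255, 255, 255, 0])), (3, bytes([192, 0, 2, 1]))])
# Constructed: an ACK that additionally pushes directory settings to the client
DIRECTORY_ACK = build_dhcp_message([(53, b"\x05"), (54, bytes([192, 0, 2, 99])),
                                    (95, b"ldap://ldap.example.test/"),
                                    (112, bytes([192, 0, 2, 99])), (113, b"network")])

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN_ACK), ("directory", DIRECTORY_ACK)):
        hits = find_directory_options(pkt)
        print(f"{label}: {len(hits)} finding(s)")
        for h in hits:
            print("  " + h)
```

Feeding `find_directory_options` the UDP payload of each DHCP reply seen on a segment (for example from a packet capture) gives a per-server list of directory options being pushed; any hit from a server address that is not the sanctioned DHCP server, or any hit at all on a network that does not deliberately distribute LDAP or NetInfo settings this way, is worth investigating. The parser deliberately stops on truncated option fields rather than raising, so a malformed packet does not take the monitor down.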
Status:
No fixes are available yet. The vendor has released possible workarounds.