Thursday, February 28, 2008

New Exploit: "ipcomp6_input()" Denial Of Service

Today Secunia posted in their weekly report a vulnerability in Mac OS X 10.5, and possibly earlier versions, that can be used in Denial Of Service (DoS) attacks. So far it remains unpatched by Apple. You can read the details

I seriously doubt this is going to affect much of anyone at this point in time as it requires the use of IPv6 packets. IPv6 is up and coming, but not yet in major use.

Secunia offer the following solution while we wait for a patch: "Use a firewall to block IPv6 packets containing an IPComp header." There are a couple complicated ways to do this on Mac OS X. The first is to go into the Mac OS X CLI (character line interface) and configure IPFW. You can read the man (manual) page of IPFW in the Terminal. The other method is to download WaterRoof HERE, which provides a GUI for IPFW. Neither method is for the faint of heart, and certainly not for an average Mac user. Have fun! :-D