Security Update 2007-005

Apple’s iChat application is affected by a buffer overflow vulnerability in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create port mappings. An attacker on the local network could trigger the overflow, causing an unexpected application exit or arbitrary code execution, as well as a denial of service.

Another denial of service and arbitrary code execution vulnerability has been found in the UPnP IGD code that the OS X mDNSResponder uses to create port mappings on home NAT gateways. As with the iChat issue, an attacker on the local network could trigger the overflow, resulting in unexpected termination of the application or arbitrary code execution, as well as a denial of service.

Both problems have been resolved by performing additional validation when processing UPnP packets.

Other issues related to vpnd and the ppp daemon, which allowed a local user to gain system privileges, have also been fixed, as well as denial of service vulnerabilities in the Ruby CGI library.

Other aspects of the system’s operation, related to BIND, CoreGraphics, crontabs, fetchmail and texinfo among others, have also been improved.

The update is available through the Mac OS X update mechanism.