A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque. update: My name is Billy, and I am retarded. This is UPnP. Too much Book, not enough sleep. Remote root in Mac OS-X |