SLP daemon targeted by Apple bug hunters

by Stephen Withers

Friday, 19 January 2007
Day 17 of the Month of Apple Bugs brought word of a vulnerability in slpd, the SLP daemon used to advertise services such as file sharing to the network.
Programs that make services available can register themselves with slpd, but it is possible for a malicious program to send a malformed registration request that causes a buffer overflow, "leading to an exploitable denial of service condition and potential arbitrary execution", according to the advisory.
The suggested workaround is to "Disable Personal file sharing and ensure slpd isn't running", but if SLP is disabled using the Directory Access utility before starting personal file sharing, slpd does not run and file sharing still works. iChat's use of Bonjour for setting up chat sessions across a LAN is similarly unaffected in this configuration, but other software relying on slpd may fail if the daemon is not running.