Apple MacOS X DHCP Response Root Compromise Vulnerability
It has been reported that Apple MacOS X may be prone to a vulnerability that may allow an attacker to gain root access to a vulnerable system via DHCP responses. Systems running MacOS X are reported to attempt to negotiate DHCP on all available interfaces. If a network is not found and the system uses wireless connectivity, it will attempt to connect to any network in order to obtain an address. The system will also attempt to connect to an LDAP or NetInfo server on the network by using DHCP-provided fields. The vulnerable host is reported to implicitly trust that server for correct information. It has also been reported that an attacker may set up a malicious server and thereby be able to log in to a vulnerable system using any login name and a user ID (uid) of 0 in response to DHCP lease requests.
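The following detection sketch is an added example, not part of the original advisory. It parses a DHCP reply payload and reports replies that come from a server outside an approved list or that carry directory-service fields. It assumes the IANA-registered option codes 95 (LDAP), 112 (NetInfo Address) and 113 (NetInfo Tag); the function names, addresses and sample packets are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options area
OPT_SERVER_ID = 54
# IANA-registered option codes that carry directory-service settings
DIRECTORY_OPTIONS = {95: "LDAP", 112: "NetInfo Address", 113: "NetInfo Tag"}

def parse_options(packet):
    """Return {code: value} from the options area of a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        code = packet[i]
        if code == 0:                                # pad byte, no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value     # repeated options concatenate
        i += 2 + length
    return opts

def audit_reply(packet, trusted_servers):
    """Report an unapproved server and any directory-service options it sent."""
    opts = parse_options(packet)
    sid = opts.get(OPT_SERVER_ID, b"")
    server = socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"
    findings = []
    if server not in trusted_servers:
        findings.append(f"reply from unapproved DHCP server {server}")
    for code, name in sorted(DIRECTORY_OPTIONS.items()):
        if code in opts:
            findings.append(f"option {code} ({name}) set to {opts[code]!r}")
    return findings

def build_reply(server_ip, extra=b""):
    """Constructed sample: minimal DHCPOFFER payload (not captured traffic)."""
    header = b"\x02\x01\x06\x00" + bytes(232)        # op=BOOTREPLY, rest zeroed
    options = b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server_ip)
    return header + MAGIC_COOKIE + options + extra + b"\xff"

LDAP_URL = b"ldap://192.0.2.66/dc=example,dc=com"    # constructed value
ROGUE = build_reply("192.0.2.66", bytes([95, len(LDAP_URL)]) + LDAP_URL)
CLEAN = build_reply("192.0.2.1")
```

Calling audit_reply(ROGUE, {"192.0.2.1"}) returns two findings, while the same call on CLEAN returns an empty list.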