Secunia Reports Mac OS X FTP Vulnerability

The security firm Secunia is reporting that it has uncovered a buffer overflow vulnerability in Mac OS Xis ftpd function. The report states that if a system is compromised with this exploit, an attacker could potentially execute arbitrary code on the machine or launch a denial of service attack.

The vulnerability affects Mac OS X 10.3.9 and 10.4.8, but other version of the operating system may be vulnerable, too.

The FTP sharing service built into Mac OS X is disabled by default. If you arenit sure if it is running on your Mac, hereis how to check:

  • Go to Apple menu > System Preferences to launch System Preferences.
  • Select the Sharing Preference Pane.

  • Disable FTP Access.
  • Click the Services tab.
  • Make sure that FTP Access is unchecked.

This potential exploit assumes that your Mac is visible to other computers on your network, or on the Internet. If you use a properly configured firewall to block your visibility on the Internet, itis unlikely that anyone outside of your local network will be able to find your Mac to attempt an attack.

There are no known reports of this exploit being used.