Contributed by jose on from the panic! dept.
This one affected a lot of BSD systems, including OS X. No sense in not patching. It's fixed in 3.3-stable and 3.2-stable. Patches (from errata):
Update: The advisory is now out.
Date: Mon, 06 Oct 2003 16:45:36 -0600
From: Todd C. Miller
To: security-announce@OpenBSD.org
Subject: ARP-based denial of service attack

Under certain circumstances, an attacker may be able to mount a denial of service attack against a machine by flooding it with bogus ARP requests. This can lead to resource starvation, ultimately resulting in a kernel panic.

The problem was reported by Apple Computer; for more info, see:
http://www.securityfocus.com/bid/8689/discussion

A fix has been committed to the OpenBSD 3.2 and 3.3 -stable branches. Patches are also available for OpenBSD 3.2 and 3.3.

Patch for OpenBSD 3.2:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/021_arp.patch

Patch for OpenBSD 3.3:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch