Apple iChat allows a remote denial of service due to permitting the addition of any advertised _presence._tcp records without verifying whether they already exist. The issue can be triggered when a remote malicious user on the same multicast network as other iChat users advertises multiple fake _presence._tcp records. This may lead to the attacker blocking those users from having reliable communications and finding additional peers in the network, resulting in a loss of availability for the iChat service.

Download and install Security Update 2007-002 (PPC) via Software Update preferences, or from Apple Downloads, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):
- Do not use iChat with the Bonjour service.
or
- Disable mDNSResponder using the following (by author):
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo mv /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist \
/Users/Shared/com.apple.mDNSResponder.plist.BACKUP

• Security Tracker: 1017661
• CVE ID: 2007-0613 (see also: NVD)
• Bugtraq ID: 22304
• Secunia Advisory ID: 23945 24198
• Milw0rm: 3230
• Exploit Database: 3230
• Related OSVDB ID: 32698 32713 32714 32715
• Generic Informational URL: http://developer.apple.com/documentation/Cocoa/Conceptual/NetServices/Articles/about.html
  http://developer.apple.com/networking/bonjour/index.html
• Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=305102
• Mail List Post: http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
• Generic Exploit URL: http://projects.info-pull.com/moab/bug-files/MOAB-29-01-2007.rb
• Other Advisory URL: http://projects.info-pull.com/moab/MOAB-29-01-2007.html
• Vendor Specific Solution URL: http://www.apple.com/support/downloads/securityupdate2007002ppc.html

• Lance M. Havok - lmhinfo-pull.com -