Mac OS X ftpd Buffer Overflow Vulnerability

Secunia Security is reporting that there is a vulnerability in Mac OS X 10.3.9 and 10.4.8 (though it may exist in other versions as well) that has the potential to allow remote execution of arbitrary code. The vulnerability is caused by an error that can occur when ftpd globs characters, resulting in a buffer overflow.

Luckily, the FTP service must be running for the flaw to be exploited, and OS X ships with FTP off by default. You can check your sharing preferences to make sure that you aren't running FTP (and while you are there, you might as well turn on the software firewall if it isn't currently running).

[via the Mac Observer]
