Apple offers DHCP security workaround

Macworld - It's been recently noted that Mac OS X can be susceptible to a security problem involving malicious DHCP servers. The chances of the security issue affecting Mac users en masse is miniscule, but Apple Computer Inc. has posted details to its online Knowledgebase explaining how to circumvent potential problems.
According to a report from Carrel.org, a malicious response from a Dynamic Host Configuration Protocol (DHCP) server can grant root access on various versions of Mac OS X. DHCP is commonly used as an easy way to provide users on a network with TCP/IP addresses.
"In many cases, your Mac is protected from this kind of exploit because the malicious DHCP server has to be part of your local network, or 'subnet,'" said Apple in its recent tech note. "If your computers are the only ones on your local network and you have a broadband connection (DSL or cable service) with a Network Address Translation device -- such as an AirPort Base Station -- this exploit is not possible."
Carrel.org disputes that claim. "If you have not secured your network (especially a wireless network) against malicious devices connecting to it, you can be exploited even if you are using NAT since the attack happens behind the NAT on your local subnet," said William Carrel.
That chain of events would require someone to set up or hack a DHCP server on an exposed wireless network -- one with no password, for example, or one whose password had been compromised.
Regardless, Apple has offered steps that users concerned with this issue can take to make sure their Macs can't be exploited in this way. Steps include making sure that LDAP-based directory services are turned off, or making sure that search parameters for directory services are changed.