CVE-2007-0752 - The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to dete

CVE-2007-0752

Summary

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

apple	APPLE-SA-2007-05-24
bid	24144
confirm	http://docs.info.apple.com/article.html?artnum=305530
idefense	20070524 Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability
osvdb	35144
sectrack	1018124
secunia	25402
vupen	ADV-2007-1939
xf	macos-pppd-privilege-escalation(34503)

Last major update

29-07-2017 - 01:30

Published

24-05-2007 - 22:30

Last modified

29-07-2017 - 01:30