Lucene search

[email protected]CVE-2007-0752

HistoryMay 24, 2007 - 10:30 p.m.

CVE-2007-0752

2007-05-2422:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ppp daemon

pppd

apple

mac os x

vulnerability

cve-2007-0752

privilege escalation

nvd

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

CPENameOperatorVersion
apple:mac_os_x_serverapple mac os x servereq10.4.8
apple:mac_os_xapple mac os xeq10.4.8

CPE	Name	Operator	Version
apple:mac_os_x_server	apple mac os x server	eq	10.4.8
apple:mac_os_x	apple mac os x	eq	10.4.8

References

docs.info.apple.com/article.html?artnum=305530

labs.idefense.com/intelligence/vulnerabilities/display.php?id=537

lists.apple.com/archives/security-announce/2007/May/msg00004.html

secunia.com/advisories/25402

www.osvdb.org/35144

www.securityfocus.com/bid/24144

www.securitytracker.com/id?1018124

www.vupen.com/english/advisories/2007/1939

exchange.xforce.ibmcloud.com/vulnerabilities/34503

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2007-0752

prion1 securityvulns1 seebug1 nessus1