Mac OS X VPN Daemon (vpnd) -i Parameter Local Format String

2007-05-25T11:33:50
ID OSVDB:35143
Type osvdb
Reporter Chris Anley(chris@ngssoftware.com)
Modified 2007-05-25T11:33:50

Description

Vulnerability Description

A format string flaw exists in Mac OS X. vpnd fails to validate command-line data passed to the '-i' parameter resulting in a format string attack. With a specially crafted command-line argument, a local attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

A format string flaw exists in Mac OS X. vpnd fails to validate command-line data passed to the '-i' parameter resulting in a format string attack. With a specially crafted command-line argument, a local attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1018125 Secunia Advisory ID:25402 Related OSVDB ID: 35141 Related OSVDB ID: 35145 Related OSVDB ID: 35147 Related OSVDB ID: 35142 Related OSVDB ID: 35146 Related OSVDB ID: 35144 Other Advisory URL: http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-mac-os-x/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0414.html Mail List Post: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0410.html Mail List Post: http://lists.immunitysec.com/pipermail/dailydave/2007-May/004362.html Mail List Post: http://lists.immunitysec.com/pipermail/dailydave/2007-May/004363.html ISS X-Force ID: 34505 FrSIRT Advisory: ADV-2007-1939 CVE-2007-0753 Bugtraq ID: 24208 Bugtraq ID: 24144