Mac OS X PPP Daemon (pppd) Local Privilege Escalation

2007-05-25T11:33:50
ID OSVDB:35144
Type osvdb
Reporter OSVDB
Modified 2007-05-25T11:33:50

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the pppd plugin command-line option is used by a local attacker, which does not properly check if the local user has root privileges. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the pppd plugin command-line option is used by a local attacker, which does not properly check if the local user has root privileges. This flaw may lead to a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1018124 Secunia Advisory ID:25402 Related OSVDB ID: 35141 Related OSVDB ID: 35143 Related OSVDB ID: 35145 Related OSVDB ID: 35147 Related OSVDB ID: 35142 Related OSVDB ID: 35146 Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537 Mail List Post: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0378.html ISS X-Force ID: 34503 FrSIRT Advisory: ADV-2007-1939 CVE-2007-0752 Bugtraq ID: 24144