Mac OS X pppd Format String Credential Leak

2004-02-23T00:00:00
ID OSVDB:6822
Type osvdb
Reporter JxT(jtibbs@secnetops.com), Dave G.(daveg@atstake.com)
Modified 2004-02-23T00:00:00

Description

Vulnerability Description

Mac OS X pppd contains a flaw that may allow a malicious user to read CHAP or PAP authentication credentials in the pppd process. The issue is due to a format string error in a format specifier function "option_error()". By sending a specially crafted command line argument, a local attacker can read arbitrary data in pppd process, including the user's PAP/CHAP authentication credentials. This flaw may lead to a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2004-02-23) to address this vulnerability.

Short Description

Mac OS X pppd contains a flaw that may allow a malicious user to read CHAP or PAP authentication credentials in the pppd process. The issue is due to a format string error in a format specifier function "option_error()". By sending a specially crafted command line argument, a local attacker can read arbitrary data in pppd process, including the user's PAP/CHAP authentication credentials. This flaw may lead to a loss of confidentiality.

References:

Vendor Specific Advisory URL Other Advisory URL: http://www.atstake.com/research/advisories/2004/a022304-1.txt ISS X-Force ID: 15297 CVE-2004-0165 CERT VU: 841742 Bugtraq ID: 9730