iDefense Security Advisory 05.24.07: Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability

Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability iDefense Security Advisory 05.24.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2007 I. BACKGROUND Apple Mac OS X pppd is a setuid root application that is used to establish and configure connections...

Mac OS X Multiple Vulnerabilities (Security Update 2007-005)

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN C Tenable...

CVE-2007-0752

The PPP daemon pppd in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check...

CVE-2007-0752

The CVE-2007-0752 issue affects Apple Mac OS X pppd (PPP daemon) in Mac OS X 10.4.8. The vulnerability stems from an insufficient ownership check when processing the plugin command line option; a local user can load arbitrary plug-ins and gain root privileges by bypassing the stdin ownership veri...

CVE-2007-0752

The PPP daemon pppd in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check...