CVE-2007-0752

Sažetak

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

Reference

http://docs.info.apple.com/article.html?artnum=305530
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://secunia.com/advisories/25402
http://www.osvdb.org/35144
http://www.securityfocus.com/bid/24144
http://www.securitytracker.com/id?1018124
http://www.vupen.com/english/advisories/2007/1939
https://exchange.xforce.ibmcloud.com/vulnerabilities/34503

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:30

Objavljeno

24-05-2007 - 22:30