CVE-2007-0752
First published: Thu May 24 2007(Updated: )
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mac OS X Server | =10.4.8 | |
| Apple Mac OS X | =10.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://www.securityfocus.com/bid/24144
- http://www.osvdb.org/35144
- http://www.securitytracker.com/id?1018124
- http://secunia.com/advisories/25402
- http://www.vupen.com/english/advisories/2007/1939
- http://docs.info.apple.com/article.html?artnum=305530
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34503
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple mac os x server
- version/apple mac os x server/10.4.8
- canonical/apple mac os x
- version/apple mac os x/10.4.8