Vulnerability Description
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.4.8 |
| Apple | Mac Os X Server | 10.4.8 |
References
- http://docs.info.apple.com/article.html?artnum=305530
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537Vendor Advisory
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://secunia.com/advisories/25402
- http://www.osvdb.org/35144
- http://www.securityfocus.com/bid/24144
- http://www.securitytracker.com/id?1018124
- http://www.vupen.com/english/advisories/2007/1939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34503
- http://docs.info.apple.com/article.html?artnum=305530
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537Vendor Advisory
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://secunia.com/advisories/25402
- http://www.osvdb.org/35144
- http://www.securityfocus.com/bid/24144
FAQ
What is CVE-2007-0752?
CVE-2007-0752 is a vulnerability with a CVSS score of 7.2 (HIGH). The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins a...
How severe is CVE-2007-0752?
CVE-2007-0752 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0752?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.