CVE Vulnerability

CVE-2007-0752

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537 Vendor Advisory
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://www.securityfocus.com/bid/24144
http://www.osvdb.org/35144
http://www.securitytracker.com/id?1018124
http://secunia.com/advisories/25402
http://www.vupen.com/english/advisories/2007/1939
http://docs.info.apple.com/article.html?artnum=305530
https://exchange.xforce.ibmcloud.com/vulnerabilities/34503
Configurations

Configuration 1

cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
Information

Published : 2007-05-24 10:30

Updated : 2017-07-29 01:30

NVD link : CVE-2007-0752

Mitre link : CVE-2007-0752

Products Affected
No products.
CWE
NVD-CWE-Other