Vulnerability Details CVE-2007-0752
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v2 Score 7.2
References
- http://docs.info.apple.com/article.html?artnum=305530
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://secunia.com/advisories/25402
- http://www.osvdb.org/35144
- http://www.securityfocus.com/bid/24144
- http://www.securitytracker.com/id?1018124
- http://www.vupen.com/english/advisories/2007/1939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34503
- http://docs.info.apple.com/article.html?artnum=305530
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://secunia.com/advisories/25402
- http://www.osvdb.org/35144
- http://www.securityfocus.com/bid/24144
- http://www.securitytracker.com/id?1018124
- http://www.vupen.com/english/advisories/2007/1939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34503
Products affected by CVE-2007-0752
-
cpe:2.3:o:apple:mac_os_x:10.4.8
-
cpe:2.3:o:apple:mac_os_x_server:10.4.8