Wednesday, May 30, 2007

Mac OS X < 2007-005 (vpnd) Local Privilege Escalation Exploit

Security Update 2007-005

CVE-ID: CVE-2007-0753

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.

Exploit =

No comments:

Post a Comment