Description
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
Exploits (1)
References (9)
Core 9
Core References
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305530
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018124
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1939
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25402
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34503
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24144
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/35144
Vendor Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537
Scores
EPSS
0.0024
EPSS Percentile
46.7%
Details
Status
published
Products (2)
apple/mac_os_x
10.4.8
apple/mac_os_x_server
10.4.8
Published
May 24, 2007
Tracked Since
Feb 18, 2026