US-CERT
Vulnerability Notes Database


Vulnerability Note VU#841742

Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability

Overview

Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments.

I. Description

The Point-to-Point Protocol (PPP) provides a method for transmitting datagrams over serial point-to-point links. There is a format string vulnerability in the Mac OS X Point-to-Point Protocol daemon (pppd). When pppd receives an invalid command line argument, the argument is passed to the fslprintf() function without a properly specified format string, so the function treats the argument itself as the format string.
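
The flawed pattern described above beside its corrected form, as an added example (not code from pppd, Apple, or @stake). fmt_msg() and the report_bad_option_* functions are hypothetical names, and the constructed sample uses only "%%" so the flawed call stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a daemon-specific printf-style formatter
 * (the note names pppd's fslprintf(); this is not that code). */
static int fmt_msg(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the untrusted argument is the format string, so any
 * conversion specifier inside it is interpreted by the formatter. */
int report_bad_option_flawed(char *buf, size_t len, const char *arg)
{
    return fmt_msg(buf, len, arg);
}

/* Corrected pattern: fixed format string, argument passed as data. */
int report_bad_option_fixed(char *buf, size_t len, const char *arg)
{
    return fmt_msg(buf, len, "%s", arg);
}

/* Returns 1 if the two patterns produce different text for arg, i.e. the
 * flawed path parsed arg as a format. Call it only with inputs whose sole
 * specifier is "%%", which consumes no variadic arguments. */
int flawed_path_interprets(const char *arg)
{
    char a[128], b[128];
    report_bad_option_flawed(a, sizeof a, arg);
    report_bad_option_fixed(b, sizeof b, arg);
    return strcmp(a, b) != 0;
}

int main(void)
{
    const char *sample = "unrecognized%%option";   /* constructed input */
    char out[128];
    report_bad_option_flawed(out, sizeof out, sample);
    printf("flawed: %s\n", out);
    report_bad_option_fixed(out, sizeof out, sample);
    printf("fixed:  %s\n", out);
    return 0;
}
```

The flawed path collapses "%%" to "%", showing the argument was parsed as a format string; the fixed path reproduces the argument byte for byte.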

According to @stake:

    The vulnerability is in a function specific to pppd that does not allow for traditional exploitation (arbitrary data written to arbitrary memory locations) via %n. However, it is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.

II. Impact

The complete impact of this vulnerability is not yet known. However, exploitation may lead to the ability to read arbitrary data out of pppd's process. This data may contain CHAP or PAP authentication credentials.

III. Solution

Apply Patch

Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Update 2004-02-23).

Systems Affected

Vendor | Status | Date Notified | Date Updated
Apple Computer Inc. | Vulnerable | 25-Feb-2004

References


http://www.atstake.com/research/advisories/2004/a022304-1.txt
http://www.apple.com/support/security/security_updates.html

Credit

This vulnerability was reported by Dave G. of @stake and Justin Tibbs of Secure Network Operations (SRT).

This document was written by Damon Morda.

Other Information

Date Public: 2004-02-24
Date First Published: 2004-02-26
Date Last Updated: 2004-02-26
CERT Advisory:
CVE-ID(s): CAN-2004-0165
NVD-ID(s): CAN-2004-0165
US-CERT Technical Alerts:
Metric: 3.90
Document Revision: 12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2004 Carnegie Mellon University