Vulnerability Note VU#870960

Apple Mac OS X PPP driver fails to properly validate PADI packets

Overview

The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation (PADI) packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges.

I. Description

The Apple Mac OS X PPP driver fails to properly handle PADI packets allowing a buffer overflow to occur. An attacker on a local network may be able to trigger the overflow by sending a specially crafted packet to a vulnerable system that has PPPoE enabled.

Note Apple states that PPPoE functionality is disabled by default.

II. Impact

This vulnerability may allow a remote attacker to execute arbitrary code with system privileges.

III. Solution

Apply Apple Updates

Apple advises all users to apply Apple Security Update 2006-007, as it fixes this and other critical security flaws.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Apple Computer, Inc.	Vulnerable	29-Nov-2006

References

http://docs.info.apple.com/article.html?artnum=304829
http://secunia.com/advisories/23155/
http://labs.musecurity.com/advisories/MU-200611-01.txt

Credit

This vulnerability was reported in Apple Security Update 2006-007. Apple credits Mu Security with reporting this vulnerability.

This document was written by Jeff Gennari based on information from Apple and Mu Security.

Other Information

Date Public:	2006-11-28
Date First Published:	2006-11-29
Date Last Updated:	2006-11-30
CERT Advisory:
CVE-ID(s):	CVE-2006-4406
NVD-ID(s):	CVE-2006-4406
US-CERT Technical Alerts:
Metric:	13.23
Document Revision:	17

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader