Vulnerability Note VU#706838
Apple Mac OS X vulnerable to buffer overflow via vpnd daemon
Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges.
Mac OS X includes a VPN server called vpnd, which is installed setuid root by default. vpnd fails to validate the length of the Server_id parameter. The Server_id setting may be configured from the command line by using the -i option. Server_id is referenced by the com.apple.RemoteAccessServers.plist file in the /Library/Preferences/SystemConfiguration directory to load the appropriate configuration file. Using a specially crafted Server_id parameter, an authenticated local attacker could execute arbitrary code with the privileges of the vpnd process.
Note that com.apple.RemoteAccessServers.plist is only present by default on Mac OS X Server. On a standard Mac OS X install, the file must be created manually or by using the graphical network configuration tools.
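The missing check described above, shown as an added example that is not Apple's vpnd source: a setuid program validating a -i argument before copying it into a fixed buffer. The function names and SERVER_ID_MAX are assumptions made for illustration; the note does not state vpnd's actual buffer size.

```c
#include <stddef.h>
#include <string.h>

#define SERVER_ID_MAX 64   /* assumed limit, not taken from vpnd */

/* Unchecked pattern of the kind the note describes: the length of the
 * caller-controlled argument is never compared with the destination size. */
void set_server_id_unchecked(char *dst, const char *arg)
{
    strcpy(dst, arg);      /* writes past dst when arg is too long */
}

/* Checked form: reject rather than truncate, so a privileged process never
 * loads configuration for an identifier the caller did not actually supply. */
int set_server_id(char *dst, size_t dstsize, const char *arg)
{
    size_t len = 0;

    if (dst == NULL || dstsize == 0 || arg == NULL)
        return -1;
    while (len < dstsize && arg[len] != '\0')   /* bounded length scan */
        len++;
    if (len == 0 || len == dstsize)
        return -1;         /* empty, or no room left for the terminator */
    memcpy(dst, arg, len + 1);
    return 0;
}

/* Locate "-i <id>" in argv and store a validated copy in out.
 * Returns 0 on success, -1 if the option is absent, incomplete or invalid. */
int parse_server_id(int argc, char *const argv[], char *out, size_t outsize)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-i") == 0) {
            if (i + 1 >= argc)
                return -1;
            return set_server_id(out, outsize, argv[i + 1]);
        }
    }
    return -1;
}
```

Because the binary runs setuid root, this validation has to happen before the value reaches any fixed-size buffer or path construction, not after privileges are in use.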
A local, authenticated attacker could execute arbitrary code with root privileges.
Apply a patch
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | - | 17 May 2005 |
This vulnerability was reported by Jason Aras.
This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 05.04.05.
- CVE IDs: CAN-2005-1343
- Date Public: 03 May 2005
- Date First Published: 16 May 2005
- Date Last Updated: 24 May 2005
- Severity Metric: 9.38
- Document Revision: 13