Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments.
The Point-to-Point Protocol (PPP) provides a method for transmitting datagrams over serial point-to-point links. There is a format string vulnerability in the Mac OS X Point-to-Point Protocol daemon (pppd). When pppd receives an invalid command line argument, this argument is passed to the fslprintf() function. This function accepts input without properly specifying a format string.
According to @stake:
The complete impact of this vulnerability is not yet known. However, exploitation may lead to the ability to read arbitrary data out of pppd's process. This data may contain CHAP or PAP authentication credentials.
Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Update 2004-02-23).
This vulnerability was reported by Dave G. of @stake and Justin Tibbs of Secure Network Operations (SRT).
This document was written by Damon Morda.
|Date First Published:||2004-02-26|
|Date Last Updated:||2004-02-26 15:23 UTC|