PT-2007-2204 · Apple · Macos X
Chris Anley
·
Published
2007-05-24
·
Updated
2018-10-16
·
CVE-2007-0753
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mac OS X versions 10.3.9 through 10.4.9
Description
A format string issue in the VPN daemon allows local users to execute arbitrary code via the
-i parameter, specifically the username variable. This could potentially lead to unauthorized access and code execution.Recommendations
For Mac OS X versions 10.3.9 through 10.4.9, avoid using the
-i parameter in the VPN daemon until a fix is available. As a temporary workaround, consider restricting access to the VPN daemon to minimize the risk of exploitation.Exploit
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macos X