SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Ppp Vendors:  Apple Computer
Mac OS X pppd Format String Error Discloses Memory to Local Users
SecurityTracker Alert ID:  1009183
CVE Reference:  CAN-2004-0165   (Links to External Site)
Date:  Feb 24 2004
Impact:  Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  @Stake - L0pht
Version(s): 2.4.0
Description:  A format string vulnerability was reported in pppd on Mac OS X. A local user can obtain PAP/CHAP authentication credentials.

@stake reported that a local user can read arbitrary data from the pppd process memory space. In certain cases where the target system is used as a ppp server, a local user can view PAP/CHAP authentication credentials, the report said.

The flaw reportedly resides in the option_error __V() function in some Apple-specific code.

The original advisory is available at:

http://www.atstake.com/research/advisories/2004/a0223 04-1.txt
Impact:  A local user can view information from the pppd process memory, potentially including authentication credentials.
Solution:  As fix is available as part of Security Update 2004-02-23 for Mac OS X 10.3.2 and Mac OS X 10.2.8.

Security Update 2004-02-23 is available at:

* Software Update pane in System Preferences (Mac OS X 10.3.2 and Mac OS X 10.2.8)

* Apple's Software Downloads web site:

Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120323
The download file is named: "SecUpd2004-02-23Pan.dmg"
Its SHA-1 digest is: dfe48ca16839e693674cf55995986f11d8282777

Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120324
The download file is named: "SecUpdSrvr2004-02-23Pan.dmg"
Its SHA-1 digest is: cde0a40abe3c1451458b15c01b73910b18bc4530

Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecUpd2004-02-23Jag.dmg"
Its SHA-1 digest is: 4ec49f05f206649353ae20edd9b87ddb0b42a84b

Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120322
The download file is named: "SecUpdSrvr2004-02-23Jag.dmg"
Its SHA-1 digest is: 79617234d288d45208531622a38f307a978f82d7
Vendor URL:  www.apple.com/ (Links to External Site)
Cause:  Input validation error, State error
Underlying OS:  UNIX (OS X)
Underlying OS Comments:  10.3.2 and prior versions
Reported By:  "Advisories" <advisories@atstake.com>
Message History:   None.

 Source Message Contents

 

[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC