CVE-2007-0752

{"id": "CVE-2007-0752", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-24T22:30:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=305530", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25402", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/35144", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24144", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018124", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1939", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34503", "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=305530", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25402", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/35144", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24144", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018124", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1939", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34503", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check."}, {"lang": "es", "value": "El demonio PPP (pppd) en el Apple Mac OS X 10.4.8 comprueba la propiedad del descriptor del fichero stdin para determinar si el solicitante tiene suficientes privilegios, lo que permite a usuarios locales cargar extensiones de su elecci\u00f3n y obtener privilegios de administrador evitando estas comprobaciones."}], "lastModified": "2024-11-21T00:26:39.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "504D78AB-5374-48C9-B357-DB6BD2267D2D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}