Apple Mac OS X vpnd Format String Vulnerability

Vulnerability ID: 1113049 Vulnerability type: Format string
Published: 2007-05-29 Updated: 2007-05-30
CVE ID: CVE-2007-0753 CNNVD-ID: CNNVD-200705-476
Platform: OSX CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/30096
https://www.securityfocus.com/bid/24208
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-476
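|Vulnerability details
Mac OS X is the operating system used by Apple's family of computers. A format string vulnerability exists in vpnd in Apple Mac OS X. A local attacker can trigger this vulnerability by running the vpnd command with specially crafted arguments, resulting in execution of arbitrary instructions with system privileges.
|Exploit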
source: http://www.securityfocus.com/bid/24208/info

Apple Mac OS X's VPN service daemon is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Attackers may exploit this issue to crash the application or execute arbitrary code with superuser privileges. Successful exploits can result in a complete compromise of vulnerable computers.

Apple Mac OS X Server 10.4.9 and prior versions are vulnerable to this issue.

This issue was originally included in BID 24144 (Apple Mac OS X 2007-005 Multiple Security Vulnerabilities), but has been given its own record. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30096.tar.gz
|Affected products
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.
|References

Source: XF
Name: macos-vpnd-format-string(34505)
Link: http://xforce.iss.net/xforce/xfdb/34505
Source: SECTRACK
Name: 1018125
Link: http://www.securitytracker.com/id?1018125
Source: BID
Name: 24208
Link: http://www.securityfocus.com/bid/24208
Source: BID
Name: 24144
Link: http://www.securityfocus.com/bid/24144
Source: BUGTRAQ
Name: 20070529 Re: Mac OS X vpnd local format string
Link: http://www.securityfocus.com/archive/1/archive/1/469889/100/0/threaded
Source: BUGTRAQ
Name: 20070529 Mac OS X vpnd local format string
Link: http://www.securityfocus.com/archive/1/archive/1/469882/100/0/threaded
Source: OSVDB
Name: 35143
Link: http://www.osvdb.org/35143
Source: VUPEN
Name: ADV-2007-1939
Link: http://www.frsirt.com/english/advisories/2007/1939
Source: SECUNIA
Name: 25402
Link: http://secunia.com/advisories/25402
Source: APPLE
Name: APPLE-SA-2007-05-24
Link: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
Source: docs.info.apple.com
Link: http://docs.info.apple.com/article.html?artnum=305530