CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Percentile: 5.3%
Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges.
Mac OS X includes a VPN server called vpnd, which is installed setuid root by default. vpnd fails to validate the length of the Server_id parameter. The Server_id setting may be configured from the command line by using the -i option. Server_id is referenced by the com.apple.RemoteAccessServers.plist file in the /Library/Preferences/SystemConfiguration directory to load the appropriate configuration file. Using a specially crafted Server_id parameter, an authenticated local attacker could execute arbitrary code with privileges of the vpnd process.
Note that com.apple.RemoteAccessServers.plist is only present by default on Mac OS X Server. On a standard Mac OS X install, the file must be created manually or by using the graphical network configuration tools.
A local, authenticated attacker could execute arbitrary code with root privileges.
Apply a patch
Apple advises all users to apply Apple Security Update 2005-005, which fixes this flaw and other critical security flaws.
Workarounds
Disallow non-root access to **vpnd**
Clear the execute bit of the vpnd binary for non-root users.
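One way to check whether the workaround is in place and to apply it, as an added example that is not part of the original advisory. The path /usr/sbin/vpnd is an assumption (the advisory does not state where the binary is installed), and the helper names `vpnd_exposure` and `restrict_nonroot_exec` are hypothetical.

```shell
#!/bin/sh
# Added example: audit and apply the "no non-root execute" workaround.
# ASSUMPTION: /usr/sbin/vpnd is the install path; the advisory does not give it.
VPND_PATH=${VPND_PATH:-/usr/sbin/vpnd}

# vpnd_exposure PATH [OWNER]  (hypothetical helper)
# Prints exactly one word:
#   missing     PATH is not a regular file
#   not-setuid  PATH is not both setuid and owned by OWNER (default: root)
#   exposed     setuid, and group or other may still execute it
#   restricted  setuid, but only the owner may execute it
vpnd_exposure() {
    f=$1
    owner=${2:-root}
    if [ ! -f "$f" ]; then
        echo missing
        return 0
    fi
    # -perm -4000 matches only when the setuid bit is set.
    if [ -z "$(find "$f" -prune -perm -4000 -user "$owner" 2>/dev/null)" ]; then
        echo not-setuid
        return 0
    fi
    # Any group (0010) or other (0001) execute bit lets a non-root user run it.
    if [ -n "$(find "$f" -prune \( -perm -0010 -o -perm -0001 \) 2>/dev/null)" ]; then
        echo exposed
    else
        echo restricted
    fi
}

# restrict_nonroot_exec PATH  (hypothetical helper)
# The workaround itself: drop execute for group and other, leave the owner
# bits and the setuid bit untouched. Run as root on a real system.
restrict_nonroot_exec() {
    chmod go-x "$1"
}

# Report the current state of the assumed path; this line changes nothing.
echo "$VPND_PATH: $(vpnd_exposure "$VPND_PATH")"
```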
706838
Updated: May 17, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Apple advises all users to apply Apple Security Update 2005-005.
If you have feedback, comments, or additional information about this vulnerability, please send us email with the subject "VU#706838 Feedback".
This vulnerability was reported by Jason Aras.
This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 05.04.05.
CVE IDs: | CVE-2005-1343 |
---|---|
Severity Metric: | 9.38 |
Date Public: | |