Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0165

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0165
Last Modified 10 Sep 2008 03:25:20
Published 15 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0165

Summary

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.1

  • Apple Mac Os X 10.1.1

  • Apple Mac Os X 10.1.2

  • Apple Mac Os X 10.1.3

  • Apple Mac Os X 10.1.4

  • Apple Mac Os X 10.1.5

  • Apple Mac Os X 10.2

  • Apple Mac Os X 10.2.1

  • Apple Mac Os X 10.2.2

  • Apple Mac Os X 10.2.3

  • Apple Mac Os X 10.2.4

  • Apple Mac Os X 10.2.5

  • Apple Mac Os X 10.2.6

  • Apple Mac Os X 10.2.7

  • Apple Mac Os X 10.2.8

  • Apple Mac Os X 10.3

  • Apple Mac Os X 10.3.1

  • Apple Mac Os X 10.3.2

  • Apple Mac Os X Server 10.1

  • Apple Mac Os X Server 10.1.1

  • Apple Mac Os X Server 10.1.2

  • Apple Mac Os X Server 10.1.3

  • Apple Mac Os X Server 10.1.4

  • Apple Mac Os X Server 10.1.5

  • Apple Mac Os X Server 10.2

  • Apple Mac Os X Server 10.2.1

  • Apple Mac Os X Server 10.2.2

  • Apple Mac Os X Server 10.2.3

  • Apple Mac Os X Server 10.2.4

  • Apple Mac Os X Server 10.2.5

  • Apple Mac Os X Server 10.2.6

  • Apple Mac Os X Server 10.2.7

  • Apple Mac Os X Server 10.2.8

  • Apple Mac Os X Server 10.3

  • Apple Mac Os X Server 10.3.1

  • Apple Mac Os X Server 10.3.2


References

CERT-VN - VU#841742

BID - 9730

ATSTAKE - A022304-1

XF - macos-pppd-format-string(15297)

OSVDB - 6822

APPLE - APPLE-SA-2004-02-23


Last Updated: 27 May 2016 10:38:30