Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0752Apple MAC OS X vulnerability

3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 53.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedMay 24
Latest updateMay 1

Description

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.4.8

🔴Vulnerability Details

1
GHSA
GHSA-9qcg-7rfv-9wwg: The PPP daemon (pppd) in Apple Mac OS X 102022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.8 - pppd Plugin Loading Privilege Escalation2007-05-25
CVE-2007-0752 — Apple MAC OS X vulnerability | cvebase