CVE-2007-0753
published 2007-05-24CVE-2007-0753: Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
PriorityP432high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
0.93%
56.1th percentile
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Apple Mac OSX < 2007-005 - 'vpnd' Local Privilege Escalation
exploitdb·2007-05-30·CVSS 7.2
CVE-2007-0753 [HIGH] Apple Mac OSX < 2007-005 - 'vpnd' Local Privilege Escalation
Apple Mac OSX
#
# CVE-ID: CVE-2007-0753 - http://docs.info.apple.com/article.html?artnum=305530
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4013.tar.gz (05302007-vpenis.tar.gz)
# milw0rm.com [2007-05-30]
Exploit-DB
Apple Mac OSX 10.4.9 - VPND Local Format String
exploitdb·2007-05-29
CVE-2007-0753 Apple Mac OSX 10.4.9 - VPND Local Format String
Apple Mac OSX 10.4.9 - VPND Local Format String
---
source: https://www.securityfocus.com/bid/24208/info
Apple Mac OS X's VPN service daemon is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
Attackers may exploit this issue to crash the application or execute arbitrary code with superuser privileges. Successful exploits can result in a complete compromise of vulnerable computers.
Apple Mac OS X Server 10.4.9 and prior versions are vulnerable to this issue.
This issue was originally included in BID 24144 (Apple Mac OS X 2007-005 Multiple Security Vulnerabilities), but has been given its own record.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/ra
No writeups or analysis indexed.
http://docs.info.apple.com/article.html?artnum=305530http://lists.apple.com/archives/security-announce/2007/May/msg00004.htmlhttp://secunia.com/advisories/25402http://www.osvdb.org/35143http://www.securityfocus.com/archive/1/469882/100/0/threadedhttp://www.securityfocus.com/archive/1/469889/100/0/threadedhttp://www.securityfocus.com/bid/24144http://www.securityfocus.com/bid/24208http://www.securitytracker.com/id?1018125http://www.vupen.com/english/advisories/2007/1939https://exchange.xforce.ibmcloud.com/vulnerabilities/34505http://docs.info.apple.com/article.html?artnum=305530http://lists.apple.com/archives/security-announce/2007/May/msg00004.htmlhttp://secunia.com/advisories/25402http://www.osvdb.org/35143http://www.securityfocus.com/archive/1/469882/100/0/threadedhttp://www.securityfocus.com/archive/1/469889/100/0/threadedhttp://www.securityfocus.com/bid/24144http://www.securityfocus.com/bid/24208http://www.securitytracker.com/id?1018125http://www.vupen.com/english/advisories/2007/1939https://exchange.xforce.ibmcloud.com/vulnerabilities/34505
2007-05-24
Published