Apple Mac OS X PPPD Format String Memory Disclosure Vulnerability

The Apple Mac OS X pppd has been reported to be prone to a format string vulnerability. When the ppp daemon processes an invalid command line argument, a function, error(), is called on the user-supplied data. Format specifiers that are contained within the supplied data will be interpreted literally, providing an attacker a conduit to read from pppd process memory.


Privacy Statement
Copyright 2010, SecurityFocus