{"vuid":"VU#870960","idnumber":"870960","name":"Apple Mac OS X PPP driver fails to properly validate PADI packets","keywords":["Apple","Mac","OS X","PPP","buffer overflow","arbitrary code execution","DoS","denial of service","PPPoE traffic","apple-2006-007"],"overview":"The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation (PADI) packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges.","clean_desc":"The Apple Mac OS X PPP driver fails to properly handle PADI packets, allowing a buffer overflow to occur. An attacker on a local network may be able to trigger the overflow by sending a specially crafted packet to a vulnerable system that has PPPoE enabled. Note that Apple states that PPPoE functionality is disabled by default.","impact":"This vulnerability may allow a remote attacker to execute arbitrary code with system privileges.","resolution":"Apply Apple Updates\nApple advises all users to apply Apple Security Update 2006-007, as it fixes this and other critical security flaws.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in Apple Security Update 2006-007. Apple credits Mu Security with reporting this vulnerability.","author":"This document was written by Jeff Gennari based on information from Apple and Mu Security.","public":["http://docs.info.apple.com/article.html?artnum=304829","http://secunia.com/advisories/23155/","http://labs.musecurity.com/advisories/MU-200611-01.txt"],"cveids":["CVE-2006-4406"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-29T13:54:49Z","publicdate":"2006-11-28T00:00:00Z","datefirstpublished":"2006-11-29T17:32:36Z","dateupdated":"2006-11-30T16:26:28Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"6","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"14","cam_attackeraccessrequired":"12","cam_scorecurrent":"13.23","cam_scorecurrentwidelyknown":"24.57","cam_scorecurrentwidelyknownexploited":"43.47","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.23,"vulnote":null}