Mu Finds Vulnerability
Mu identifies pre-authentication vulnerability in Mac OS X kernel PPP driver
SUNNYVALE, Calif. -- Product Overview: PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links. The PPPD daemon works together with the kernel PPP driver to establish and maintain a PPP link with another system (called the peer) and to negotiate IP addresses for each end of the link. PPPD can also authenticate the peer and/or supply authentication information to the peer. PPP can be used with other network protocols besides IP, but such use is becoming increasingly rare.
Vulnerability Details: The network kernel extension com.apple.nke.pppoe that works concurrently with the PPPD has a critical vulnerability that may lead to arbitrary code execution with system privileges. The vulnerability is triggered by sending a malformed PADI packet with invalid lengths to the PPP daemon. PADI is the first message in a PPPoE link establishment and requires no credentials. In addition, the MAC address of the sender can be spoofed. Users of PPP who do not create PPPoE connections are not at risk of attack. PPPoE is also not enabled by default.
About the Author
You May Also Like
Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024