Mac OS X < 10.4 pty Permission Weakness
Medium Nessus Plugin ID 18352
SynopsisThe remote version of the operating system contains a vulnerability which has been patched by the vendor in a newer release of the system
DescriptionThe remote host is running a version of Mac OS X which is older than version 10.4.
Versions older than 10.4 contain a security issue in the way they handle the permissions of pseudo terminals.
When an application uses a new pseudo terminal, it can not restrict its permissions to a safe mode. As a result, every created pseudo terminal has permissions 0666 set, which allows a local attacker to sniff the session of other users.
SolutionUpgrade to Mac OS X 10.4 or newer.