Atstake Security Advisory A022304-1 – The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd’s process. Under certain circumstances, it is also possible to ‘steal’ PAP/CHAP authentication credentials.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/32753/a022304-1.txt
Source: https://packetstormsecurity.com/files/32753/Atstake-Security-Advisory-04-02-23.1.html