OSVDB ID: 20429

Title: Apple Mac OS X memberd Membership Modification Delay Access Restriction Bypass

Info

Disclosure

Oct 28, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X Server contains a flaw that may allow a malicious user to bypass access restrictions. The problem is that the membership daemon (memberd) does not immediately reflect access control changes, which may allow a malicious user to gain access to files and other resources resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 10.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.

Mac OS X Server

10.4.2

References

Security Tracker: 1015125
Secunia Advisory ID: 17368
CVE ID: 2005-2751 (see also: NVD)
Related OSVDB ID: 20427 20428 20430 20431
Keyword: APPLE-SA-2005-10-31
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0386.html
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=302763
Vendor URL: http://www.apple.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/20429