OSVDB ID: 29271

Title: Apple Mac OS X LoginWindow Fast User Switching Kerberos Ticket Disclosure

Info

Disclosure

Sep 27, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious local user to access the Kerberos ticket of another user. The issue is triggered when Fast User Switching is enabled. It is possible that the flaw may allow arbitrary access to user credentials resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Cryptographic
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7

References

Security Tracker: 1016959
CVE ID: 2006-4393 (see also: NVD)
Bugtraq ID: 20271
Secunia Advisory ID: 22187
Related OSVDB ID: 29267 29268 29269 29270 29272 29273 29274 29275 29276
ISS X-Force ID: 29290
VUPEN Advisory: ADV-2006-3852
Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460

Credit

Ragnar Sundblad - Royal Institute of Technology, Stockholm, Sweden

Direct URL: http://osvdb.org/29271

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit