OSVDB ID: 29273

Title: Apple Mac OS X Preferences Account Manipulation WebObjects Application Privilege Persistence

Info

Disclosure

Sep 27, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the account option "Allow user to administer this computer" is unchecked, but the user is not removed from the appserveradm or appserverusr groups. This flaw may allow a non-administrative user to administer WebObjects applications, leading to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7

References

Security Tracker: 1016955
CVE ID: 2006-4387 (see also: NVD)
Bugtraq ID: 20271
Secunia Advisory ID: 22187
Related OSVDB ID: 29267 29268 29269 29270 29271 29272 29274 29275 29276
ISS X-Force ID: 29296
VUPEN Advisory: ADV-2006-3852
Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/29273

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit