OSVDB ID: 34848

Title: Apple Mac OS X DirectoryService (DS Plug-Ins) Authentication Feature Remote Privilege Escalation

Info

Disclosure

Mar 14, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified DirectoryService implementation flaw that allows an unprivileged LDAP user to change the root password. This flaw may lead to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.3.x
		10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7
		10.4.8

References

Security Tracker: 1017751
CVE ID: 2007-0723 (see also: NVD)
Bugtraq ID: 22948
Secunia Advisory ID: 24479
Related OSVDB ID: 34845 34846 34847 34849 34850 34851 34852 34853 34854 34855
CERT VU: 557064
VUPEN Advisory: ADV-2007-0930
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=305214
News Article: http://news.com.com/Apple+megapatch+plugs+45+security+holes/2100-1002_3-6166971.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/34848

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit