29272 : Apple Mac OS X LoginWindow Network Account Access Bypass
Printer | http://osvdb.org/29272 | Email This | Edit Vulnerability

Views This Week

Views All Time

360

Info

Last Modified

8 months ago

Percent Complete

90%

Disclosure

Sep 27, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a user to bypass login restrictions. The issue is triggered when controls are used to restrict which users are allowed to login via loginwindow, and network accounts without GUIDs are not subject to the restriction. It is possible that the flaw may allow unauthorized login resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7

References

Security Tracker: 1016959
CVE ID: 2006-4394 (see also: NVD)
Bugtraq ID: 20271
Secunia Advisory ID: 22187
Related OSVDB ID: 29267 29268 29269 29270 29271 29273 29274 29275 29276
ISS X-Force ID: 29293
CERT VU: 897628
FrSIRT Advisory: ADV-2006-3852
Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460
CERT: TA06-275A

Tools & Filters

Nessus	22476 22479

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Tools & Filters

Credit

Blogs

Comments