Vulnerability Note VU#174790

Apple Mac OS X vulnerable to privilege escalation when using Directory Services

Overview

A vulnerability in Mac OS X may permit a local authenticated user with physical access to the machine to gain elevated privileges.

I. Description

Mac OS X permits the remote authentication of users via directory sevices lookups. When a user logs in to a machine configured to use the Directory Services to provide authentication, it is possible to disconnect the machine's network connection and potentially be logged in with a Finder running as root. This gives the user full root permissions on the machine. Applications started in the session will also run as root.

This vulnerability affects Mac OS X 10.3 through 10.3.3.

II. Impact

A local authenticated user with physical access to the machine may be able to gain root privileges to the system.

III. Solution

Apple has resolved this issue in Mac OS X 10.3.4. A free upgrade is available at http://www.apple.com/support/downloads/.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Apple Computer Inc.	Vulnerable	21-Jun-2004

References

http://docs.info.apple.com/article.html?artnum=61798
http://www.apple.com/support/downloads/
http://www.securityfocus.com/bid/10432
http://securitytracker.com/alerts/2004/May/1010330.html

Credit

Thanks to Jim Foraker for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public:	2004-05-28
Date First Published:	2004-06-21
Date Last Updated:	2004-07-21
CERT Advisory:
CVE-ID(s):	CAN-2004-0514
NVD-ID(s):	CAN-2004-0514
US-CERT Technical Alerts:
Metric:	0.24
Document Revision:	8

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader