A vulnerability in Mac OS X may permit a local authenticated user with physical access to the machine to gain elevated privileges.
Mac OS X permits the remote authentication of users via directory services lookups. When a user logs in to a machine configured to use Directory Services for authentication, it is possible to disconnect the machine's network connection and potentially be logged in with a Finder running as root. This gives the user full root permissions on the machine. Applications started in the session will also run as root.
This vulnerability affects Mac OS X 10.3 through 10.3.3.
A local authenticated user with physical access to the machine may be able to gain root privileges to the system.
Apple has resolved this issue in Mac OS X 10.3.4. A free upgrade is available at http://www.apple.com/support/downloads/.
Apple Computer Inc. Affected
Updated: June 21, 2004
The issue reported in Vulnerability Note VU#174790 affects Mac OS X versions 10.3 through 10.3.3. The issue has been fixed in Mac OS X 10.3.4, which is available as a free upgrade via http://www.apple.com/support/downloads/.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Thanks to Jim Foraker for reporting this vulnerability.
This document was written by Jason A Rafail.
Date First Published: 2004-06-21
Date Last Updated: 2004-07-21 17:04 UTC