Mac OS X NetInfo Manager Inaccurate Root Account Status

2004-10-04T00:00:00
ID OSVDB:10498
Type osvdb
Reporter OSVDB
Modified 2004-10-04T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may lead an administrator to believe that the root account is disabled when it is not. Once the root account has been logged in to one time, it can no longer be disabled with NetInfo Manager, although the tool will still report the account as disabled. The flaw may allow an unauthorized root account to remain enabled, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1011530
Secunia Advisory ID: 12690
ISS X-Force ID: 17594
CVE-2004-0924
CIAC Advisory: p-002
Bugtraq ID: 11322