Mac OS X LoginWindow Arbitrary Kerberos Ticket Disclosure

2006-09-27T16:18:57
ID OSVDB:29270
Type osvdb
Reporter Patrick Gallagher()
Modified 2006-09-27T16:18:57

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious local user to access the Kerberos ticket of another user. The issue is triggered when a user unsuccessfully attempts to log in to a network account via loginwindow, and the Kerberos ticket is not destroyed. It is possible that the flaw may allow arbitrary access to credentials resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious local user to access the Kerberos ticket of another user. The issue is triggered when a user unsuccessfully attempts to log in to a network account via loginwindow, and the Kerberos ticket is not destroyed. It is possible that the flaw may allow arbitrary access to credentials resulting in a loss of confidentiality.

References:

Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460 Security Tracker: 1016959 Secunia Advisory ID:22187 Related OSVDB ID: 29268 Related OSVDB ID: 29273 Related OSVDB ID: 29276 Related OSVDB ID: 29269 Related OSVDB ID: 29267 Related OSVDB ID: 29271 Related OSVDB ID: 29272 Related OSVDB ID: 29274 Related OSVDB ID: 29275 FrSIRT Advisory: ADV-2006-3852 CVE-2006-4397 Bugtraq ID: 20271