Mac OS X LoginWindow Fast User Switching Kerberos Ticket Disclosure

2006-09-27T16:18:57
ID OSVDB:29271
Type osvdb
Reporter Ragnar Sundblad
Modified 2006-09-27T16:18:57

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious local user to access the Kerberos ticket of another user. The issue is triggered when Fast User Switching is enabled. It is possible that the flaw may allow arbitrary access to user credentials resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460
Security Tracker: 1016959
Secunia Advisory ID: 22187
Related OSVDB ID: 29268
Related OSVDB ID: 29273
Related OSVDB ID: 29270
Related OSVDB ID: 29276
Related OSVDB ID: 29269
Related OSVDB ID: 29267
Related OSVDB ID: 29272
Related OSVDB ID: 29274
Related OSVDB ID: 29275
ISS X-Force ID: 29290
FrSIRT Advisory: ADV-2006-3852
CVE-2006-4393
Bugtraq ID: 20271