Mac OS X Preferences Account Manipulation WebObjects Application Privilege Persistence

2006-09-27T16:18:57
ID OSVDB:29273
Type osvdb
Reporter OSVDB
Modified 2006-09-27T16:18:57

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the account option "Allow user to administer this computer" is unchecked, but the user is not removed from the appserveradm or appserverusr groups. This flaw may allow a non-administrative user to administer WebObjects applications, leading to a loss of integrity.
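An audit for the leftover membership described above, as an added example that is not part of the original advisory or Apple's patch. It assumes group data in group(5) format and that the "Allow user to administer this computer" option corresponds to membership of the admin group; the sample data and the function name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for leftover WebObjects admin group membership.
# Input: group(5)-style lines "name:passwd:gid:member1,member2".
# Assumption: the "Allow user to administer this computer" checkbox
# corresponds to membership of the "admin" group.

# Constructed sample data (not from a real system).
SAMPLE_GROUPS='admin:*:80:root,alice
appserveradm:*:81:alice,bob
appserverusr:*:79:alice,bob,carol
staff:*:20:root,alice,bob,carol'

# Print "user group" for every member of appserveradm/appserverusr
# who is not also a member of admin.
stale_appserver_members() {
    awk -F: '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] != "") {
              if ($1 == "admin") is_admin[m[i]] = 1
              else if ($1 == "appserveradm" || $1 == "appserverusr")
                  seen[m[i] " " $1] = 1
          } }
        END {
            for (k in seen) {
                split(k, p, " ")
                if (!(p[1] in is_admin)) print k
            }
        }' | sort
}

# The sample stands in for an export of the local group database.
printf '%s\n' "$SAMPLE_GROUPS" | stale_appserver_members
```

Each output line names a non-administrative account and the WebObjects group it still belongs to; after the vendor patch is applied, a clean system produces no output.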

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460
Security Tracker: 1016955
Secunia Advisory ID: 22187
Related OSVDB ID: 29268
Related OSVDB ID: 29270
Related OSVDB ID: 29276
Related OSVDB ID: 29269
Related OSVDB ID: 29267
Related OSVDB ID: 29271
Related OSVDB ID: 29272
Related OSVDB ID: 29274
Related OSVDB ID: 29275
ISS X-Force ID: 29296
FrSIRT Advisory: ADV-2006-3852
CVE-2006-4387
Bugtraq ID: 20271