Apple Mac OS X LoginWindow gain privileges
| macosx-loginwindow-gain-privileges (16289) |  High Risk |
Description:
Apple Mac OS X could allow a local attacker to gain elevated privileges on the system. Mac OS X fails to properly handle directory service lookups and console log files.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of Mac OS X (10.3.4 or later), available from the Apple Web site. See References.
References:
- Apple Computer, Inc.Web site: Apple - Support - Downloads - Mac OS X Update 10.3.4.
- AppleCare Knowledge Base Document 61798: Apple Security Updates.
- BID-10432: Apple Mac OS X Multiple Unspecified Security Vulnerabilities
- CVE-2004-0514: Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to handling of directory services lookups.
- CVE-2004-0515: Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to handling of console log files.
- SECTRACK ID: 1010330: Apple Mac OS X Has Unspecified Flaw in LoginWindow
- US-CERT VU#174790: Apple Mac OS X vulnerable to privilege escalation when using Directory Services
Platforms Affected:
- Apple Mac OS X 10.3
- Apple Mac OS X 10.3.1
- Apple Mac OS X 10.3.2
- Apple Mac OS X 10.3.3
- Apple Mac OS X Server 10.3
- Apple Mac OS X Server 10.3.1
- Apple Mac OS X Server 10.3.2
- Apple Mac OS X Server 10.3.3
Reported:
May 29, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net