search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Apple Mac OS X vulnerable to privilege escalation when using Directory Services

Vulnerability Note VU#174790

Original Release Date: 2004-06-21 | Last Revised: 2004-07-21

Overview

A vulnerability in Mac OS X may permit a local authenticated user with physical access to the machine to gain elevated privileges.

Description

Mac OS X permits the remote authentication of users via directory sevices lookups. When a user logs in to a machine configured to use the Directory Services to provide authentication, it is possible to disconnect the machine's network connection and potentially be logged in with a Finder running as root. This gives the user full root permissions on the machine. Applications started in the session will also run as root.

This vulnerability affects Mac OS X 10.3 through 10.3.3.

Impact

A local authenticated user with physical access to the machine may be able to gain root privileges to the system.

Solution

Apple has resolved this issue in Mac OS X 10.3.4. A free upgrade is available at http://www.apple.com/support/downloads/.

Vendor Information

174790
 

Apple Computer Inc. Affected

Updated:  June 21, 2004

Status

Affected

Vendor Statement

The issue reported in Vulnerability Note VU#174790 affects Mac OS X versions 10.3 through 10.3.3. The issue has been fixed in Mac OS X 10.3.4 which is available as a free upgrade via http://www.apple.com/support/downloads/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Jim Foraker for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2004-0514
Severity Metric: 0.24
Date Public: 2004-05-28
Date First Published: 2004-06-21
Date Last Updated: 2004-07-21 17:04 UTC
Document Revision: 8

Sponsored by CISA.