Overview
A vulnerability in Mac OS X may permit a local authenticated user with physical access to the machine to gain elevated privileges.
Description
Mac OS X permits the remote authentication of users via directory sevices lookups. When a user logs in to a machine configured to use the Directory Services to provide authentication, it is possible to disconnect the machine's network connection and potentially be logged in with a Finder running as root. This gives the user full root permissions on the machine. Applications started in the session will also run as root. This vulnerability affects Mac OS X 10.3 through 10.3.3. |
Impact
A local authenticated user with physical access to the machine may be able to gain root privileges to the system. |
Solution
Apple has resolved this issue in Mac OS X 10.3.4. A free upgrade is available at http://www.apple.com/support/downloads/. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to Jim Foraker for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
CVE IDs: | CVE-2004-0514 |
Severity Metric: | 0.24 |
Date Public: | 2004-05-28 |
Date First Published: | 2004-06-21 |
Date Last Updated: | 2004-07-21 17:04 UTC |
Document Revision: | 8 |