Local Users Can Access Other Mailboxes on Apple Mac OS X 10.3.6 Server with Kerberos
CVE-2004-1089

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime Streaming Server; Darwin Streaming Server
Vendor: CVE Published:; 2 December 2004

Summary

An unknown vulnerability in Apple Mac OS X 10.3.6 server allows local users utilizing Kerberos authentication to gain unauthorized access to the mailboxes of other users through Cyrus IMAP. This flaw poses a significant risk as it can enable malicious local users to exploit their access rights, potentially compromising sensitive information contained within other users' mailboxes.

References

http://www.securityfocus.com/bid/11802

vdb-entryx_refsource_BID

http://secunia.com/advisories/13362/

third-party-advisoryx_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2004/De...

vendor-advisoryx_refsource_APPLE

Timeline

Vulnerability published
Dec 2, 2004
Vulnerability Reserved
Nov 30, 2004