Privilege Escalation in Apple Remote Desktop for Mac OS X
CVE-2006-4887

Currently unrated

Key Information:

Vendor: Apple
Status: Apple Remote Desktop
Vendor: CVE Published:; 19 September 2006

What is CVE-2006-4887?

Apple Remote Desktop for Mac OS X versions 10.2.8 and later lacks proper privilege dropping during the installation of certain applications. This oversight enables local users to exploit the installation process to bypass authentication mechanisms, potentially granting them elevated privileges by simply interacting with the installation icon. While this issue is closely related to Apple Remote Desktop, it can also be attributed to the applications installed through it.

References

http://www.securityfocus.com/bid/20092

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/446371/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/446751/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2006
Vulnerability Reserved
Sep 19, 2006