Access Control Issue in Apple OS X Mail Service
CVE-2014-4446

Currently unrated

Key Information:

Vendor
Apple
Status
Os X Server
Vendor
CVE Published:
18 October 2014

Summary

The Mail Service in Apple OS X Server prior to version 4.0 has a security flaw where it does not enforce Security Access Control List (SACL) changes until the service is restarted. This oversight potentially allows remote authenticated users to circumvent intended access restrictions under opportunistic circumstances by exploiting unauthorized modifications made by an administrator.

References

http://www.securitytracker.com/id/1031071
vdb-entryx_refsource_SECTRACK
http://archives.neohapsis.com/archives/bugtraq/2014-10/01...
vendor-advisoryx_refsource_APPLE
https://exchange.xforce.ibmcloud.com/vulnerabilities/97645
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-4446 : Access Control Issue in Apple OS X Mail Service | SecurityVulnerability.io