CVE-2007-4687

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.4 through 10.4.10

Description: The issue concerns the remote cmds component, which contains a symbolic link from the tftpboot private directory to the root directory. This allows tftpd users to escape the private directory and access arbitrary files.

Recommendations: For Apple Mac OS X versions 10.4 through 10.4.10, consider restricting access to the tftpd service to minimize the risk of exploitation. As a temporary workaround, restrict the tftpboot directory access to prevent users from escaping the private directory.