CVE-2008-2330

Name of the Vulnerable Software and Affected Versions: Mac OS X versions 10.5 through 10.5.4

Description: The issue is related to an insecure file operation in the slapconfig component of Directory Services, allowing local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator. This is due to the use of the mkfifo function.

Recommendations: For Mac OS X versions 10.5 through 10.5.4, consider restricting access to the slapconfig component until a fix is available, and avoid using the mkfifo function in sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.