PT-2010-2280 · Apple · Macos X Server

Published: 2010-03-30 · Updated: 2010-06-21 · CVE-2010-0522

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Apple Mac OS X Server version 10.5.8

Description

The issue concerns the Server Admin in Apple Mac OS X Server, where it fails to properly determine the privileges of users who had former membership in the admin group. This allows remote authenticated users to leverage their former membership to obtain a server connection via screen sharing.

Recommendations

For Apple Mac OS X Server version 10.5.8, consider restricting access to screen sharing for users who have had former membership in the admin group until a proper fix is applied. As a temporary workaround, review and manually adjust the privileges of such users to prevent unauthorized access.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-0522

Affected Products

Macos X Server