CVE-2014-4446

Name of the Vulnerable Software and Affected Versions Apple OS X Server versions prior to 4.0

Description The issue concerns the Mail Service in Apple OS X Server, where it fails to enforce SACL changes immediately, allowing remote authenticated users to bypass intended access restrictions under certain circumstances. This can occur when an administrator makes a change, and the service has not been restarted.

Recommendations For Apple OS X Server versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restarting the Mail Service after any SACL changes are made by an administrator to ensure the changes are enforced.