CVE-2005-1472

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X version 10.4.1

Description: The issue concerns certain system calls in the operating system that do not properly enforce directory permissions. Specifically, directories without the POSIX read bit set but with execute bits set for group or other can be listed by local users, even if they are otherwise restricted.

Recommendations: For Apple Mac OS X version 10.4.1, consider restricting access to sensitive directories by adjusting their permissions to remove execute bits for group or other, until a proper fix is applied.