PT-2010-2280 · Apple · Macos X Server

Published: 2010-03-30 · Updated: 2010-06-21 · CVE-2010-0522

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X Server version 10.5.8

Description: Server Admin in Apple Mac OS X Server fails to properly determine the privileges of users who were formerly members of the admin group. This allows remote authenticated users to leverage their former membership to obtain a server connection via screen sharing.

Recommendations: For Apple Mac OS X Server version 10.5.8, consider restricting access to screen sharing for users who were formerly members of the admin group until a proper fix is applied. As a temporary workaround, review and manually adjust the privileges of such users to prevent unauthorized access.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-0522

Affected Products

Macos X Server