Apple Mac OS X Intel-Based Local Authentication Bypass Vulnerability

Bugtraq ID:	17364
Class:	Access Validation Error
CVE:	CVE-2006-0401
Remote:	No
Local:	Yes
Published:	Apr 03 2006 12:00AM
Updated:	Apr 04 2006 06:23PM
Credit:	The vendor credits David Pugh with the discovery of this issue.
Vulnerable:	Apple Mac OS X Server 10.4.5 Apple Mac OS X 10.4.5
Not Vulnerable:	Apple Mac OS X Server 10.4.6 Apple Mac OS X 10.4.6

Apple Mac OS X Intel-Based Local Authentication Bypass Vulnerability

Mac OS X running on Intel-based Macintosh computers is prone to an authentication-bypass vulnerability.

A local attacker can exploit this issue to bypass the firmware password and gain access to Single User Mode.

Apple Mac OS X Intel-Based Local Authentication Bypass Vulnerability

An attacker must have physical access to a vulnerable computer to exploit this issue.

Apple Mac OS X Intel-Based Local Authentication Bypass Vulnerability

Solution:
The vendor has released security advisory APPLE-SA-2006-04-03 to address this issue.


Apple Mac OS X Server 10.4.5

• Apple MacOSXUpd10.4.6Intel.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10149&cat= 1&platform=osx&method=sa/MacOSXUpd10.4.6Intel.dmg

Apple Mac OS X 10.4.5

• Apple MacOSXUpd10.4.6Intel.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10149&cat= 1&platform=osx&method=sa/MacOSXUpd10.4.6Intel.dmg

Apple Mac OS X Intel-Based Local Authentication Bypass Vulnerability

References:

• About the security content of the Mac OS X 10.4.6 Update (Apple)
  
• Mac OS X Homepage (Apple)
  
• Vendor Home Page (Apple)