Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability

Bugtraq ID:	18091
Class:	Access Validation Error
CVE:	CVE-2006-1466
Remote:	Yes
Local:	No
Published:	May 23 2006 12:00AM
Updated:	May 24 2006 05:23PM
Credit:	Mike Schrag of mDimension Technology is credited with the discovery of this vulnerability.
Vulnerable:	Apple Xcode 2.2 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4
Not Vulnerable:	Apple Xcode 2.3

Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability

Xcode Tools is prone to an unauthorized remote access vulnerability through the WebObjects plug-in.

A remote attacker can exploit this issue to manipulate projects through the network service.

This issue affects only those systems with the Xcode Tools WebObjects plug-in installed.

Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability

Solution:
The vendor has released updates to address this issue.


Apple Xcode 2.2

• Apple xcode_2.3_8m1780_oz693620813.dmg
  http://developer.apple.com/tools/download/

Apple Mac OS X 10.4.4

• Apple xcode_2.3_8m1780_oz693620813.dmg
  http://developer.apple.com/tools/download/

Apple Mac OS X 10.4.5

• Apple xcode_2.3_8m1780_oz693620813.dmg
  http://developer.apple.com/tools/download/

Apple Mac OS X 10.4.6

• Apple xcode_2.3_8m1780_oz693620813.dmg
  http://developer.apple.com/tools/download/

Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability

References:

• Apple Downloads (Apple)
  
• Vendor Home Page (Apple)