Apple Remote Desktop Insecure Default Package Permission Vulnerability
BID:21139
Info
Apple Remote Desktop Insecure Default Package Permission Vulnerability
| Bugtraq ID: | 21139 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-4413 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 16 2006 12:00AM |
| Updated: | Nov 21 2006 07:05PM |
| Credit: | Andrew Mortensen of the University of Michigan reported this issue to the vendor. |
| Vulnerable: |
Apple Remote Desktop 3.0 |
| Not Vulnerable: |
Apple Remote Desktop 3.1 |
Discussion
Apple Remote Desktop Insecure Default Package Permission Vulnerability
Apple Remote Desktop is prone to an insecure-default-permissions vulnerability.
Successfully exploiting this issue allows attackers to alter the contents of packages that may subsequently be installed on remote computers. This facilitates the complete compromise of remote computers controlled by the vulnerable Remote Desktop server computer.
Apple Remote Desktop is prone to an insecure-default-permissions vulnerability.
Successfully exploiting this issue allows attackers to alter the contents of packages that may subsequently be installed on remote computers. This facilitates the complete compromise of remote computers controlled by the vulnerable Remote Desktop server computer.
Exploit / POC
Apple Remote Desktop Insecure Default Package Permission Vulnerability
Attackers can use readily available utilities to exploit this issue.
Attackers can use readily available utilities to exploit this issue.
Solution / Fix
Apple Remote Desktop Insecure Default Package Permission Vulnerability
Solution:
Apple has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.
Solution:
Apple has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.
References
Apple Remote Desktop Insecure Default Package Permission Vulnerability
References:
References: