Apple Mac OS X Password Server Outdated Password Security Bypass Vulnerability
BID:39273
Info
Apple Mac OS X Password Server Outdated Password Security Bypass Vulnerability
| Bugtraq ID: | 39273 |
| Class: | Access Validation Error |
| CVE: |
CVE-2010-0510 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Mar 29 2010 12:00AM |
| Credit: | Jack Johnson of Anchorage School District |
| Vulnerable: |
Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 |
| Not Vulnerable: |
Apple Mac OS X Server 10.6.3 |
Discussion
Apple Mac OS X Password Server Outdated Password Security Bypass Vulnerability
Apple Mac OS X is prone to a security-bypass vulnerability that occurs in the Password Server component.
Remote attackers can exploit this issue to gain unauthorized access to the affected computer by using outdated passwords.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Apple Mac OS X is prone to a security-bypass vulnerability that occurs in the Password Server component.
Remote attackers can exploit this issue to gain unauthorized access to the affected computer by using outdated passwords.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Apple Mac OS X Password Server Outdated Password Security Bypass Vulnerability
Attackers can exploit this issue with readily available tools.
Attackers can exploit this issue with readily available tools.
Solution / Fix
Apple Mac OS X Password Server Outdated Password Security Bypass Vulnerability
Solution:
Updates are available to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.6
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.6.1
Solution:
Updates are available to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.6
-
Apple MacOSXServerUpdCombo10.6.3.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.1
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.2
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.3
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.4
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.5
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.6
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.7
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.8
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.1
-
Apple MacOSXServerUpdCombo10.6.3.dmg
http://www.apple.com/support/downloads/
References
Apple Mac OS X Password Server Outdated Password Security Bypass Vulnerability
References:
References:
- Mac OS X Homepage (Apple)