Apple Mac OS X Open Directory Anonymous Access Security Bypass Vulnerability
BID:39281
Info
| Bugtraq ID: | 39281 |
| Class: | Access Validation Error |
| CVE: | CVE-2010-0521 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Mar 29 2010 12:00AM |
| Credit: | Scott Gruby of Gruby Solutions and Mathias Haack of GRAVIS Computervertriebsgesellschaft mbH |
| Vulnerable: | Apple Mac OS X Server 10.6.2, Apple Mac OS X Server 10.6.1, Apple Mac OS X Server 10.5.8, Apple Mac OS X Server 10.5.7, Apple Mac OS X Server 10.5.6, Apple Mac OS X Server 10.5.5, Apple Mac OS X Server 10.5.4, Apple Mac OS X Server 10.5.3, Apple Mac OS X Server 10.5.2, Apple Mac OS X Server 10.5.1, Apple Mac OS X Server 10.6, Apple Mac OS X Server 10.5 |
| Not Vulnerable: | Apple Mac OS X Server 10.6.3 |
Discussion
Apple Mac OS X is prone to a security-bypass vulnerability that affects Open Directory access.
Remote attackers can exploit this issue to gain anonymous access to Open Directory data, possibly accessing sensitive information. This may aid in further attacks.
The following are vulnerable:
Mac OS X Server 10.5.8
Mac OS X Server 10.6 prior to 10.6.3
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Attackers can exploit this issue using readily available networking tools.
Solution / Fix
Solution:
A vendor advisory is available to address this issue. Please see the references for more information.
- Apple Mac OS X Server 10.6: Apple MacOSXServerUpdCombo10.6.3.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.1: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.2: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.3: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.4: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.5: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.6: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.7: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.5.8: Apple SecUpdSrvr2010-002Leo.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.6.1: Apple MacOSXServerUpdCombo10.6.3.dmg, http://www.apple.com/support/downloads/
- Apple Mac OS X Server 10.6.2: Apple MacOSXServerUpd10.6.3.dmg, http://www.apple.com/support/downloads/
References
References:
- Mac OS X Homepage (Apple)