Apple Mac OS X Server Admin Screen Sharing Security Bypass Vulnerability

Bugtraq ID:	39290
Class:	Access Validation Error
CVE:	CVE-2010-0522
Remote:	Yes
Local:	No
Published:	Mar 31 2010 12:00AM
Updated:	Mar 31 2010 12:00AM
Credit:	Apple
Vulnerable:	Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5
Not Vulnerable:

Apple Mac OS X Server Admin Screen Sharing Security Bypass Vulnerability

Apple Mac OS X is prone to a security-bypass vulnerability that occurs in the Server Admin component.

A remote attacker with former administrator privileges may exploit this issue to gain unauthorized access to the vulnerable computer.

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Apple Mac OS X Server Admin Screen Sharing Security Bypass Vulnerability

Attackers can exploit this issue with readily available tools.

Apple Mac OS X Server Admin Screen Sharing Security Bypass Vulnerability

Solution:
Updates are available to address this issue. Please see the references for more information.

Apple Mac OS X Server Admin Screen Sharing Security Bypass Vulnerability

References:

• Mac OS X Homepage (Apple)