ID CVE-2005-2509
Summary Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
References
Vulnerable Configurations
  • Apple Mac OS X 10.0
    cpe:2.3:o:apple:mac_os_x:10.0
  • Apple Mac OS X 10.0.1
    cpe:2.3:o:apple:mac_os_x:10.0.1
  • Apple Mac OS X 10.0.2
    cpe:2.3:o:apple:mac_os_x:10.0.2
  • Apple Mac OS X 10.0.3
    cpe:2.3:o:apple:mac_os_x:10.0.3
  • Apple Mac OS X 10.0.4
    cpe:2.3:o:apple:mac_os_x:10.0.4
  • Apple Mac OS X 10.1
    cpe:2.3:o:apple:mac_os_x:10.1
  • Apple Mac OS X 10.1.1
    cpe:2.3:o:apple:mac_os_x:10.1.1
  • Apple Mac OS X 10.1.2
    cpe:2.3:o:apple:mac_os_x:10.1.2
  • Apple Mac OS X 10.1.3
    cpe:2.3:o:apple:mac_os_x:10.1.3
  • Apple Mac OS X 10.1.4
    cpe:2.3:o:apple:mac_os_x:10.1.4
  • Apple Mac OS X 10.1.5
    cpe:2.3:o:apple:mac_os_x:10.1.5
  • Apple Mac OS X 10.2
    cpe:2.3:o:apple:mac_os_x:10.2
  • Apple Mac OS X 10.2.1
    cpe:2.3:o:apple:mac_os_x:10.2.1
  • Apple Mac OS X 10.2.2
    cpe:2.3:o:apple:mac_os_x:10.2.2
  • Apple Mac OS X 10.2.3
    cpe:2.3:o:apple:mac_os_x:10.2.3
  • Apple Mac OS X 10.2.4
    cpe:2.3:o:apple:mac_os_x:10.2.4
  • Apple Mac OS X 10.2.5
    cpe:2.3:o:apple:mac_os_x:10.2.5
  • Apple Mac OS X 10.2.6
    cpe:2.3:o:apple:mac_os_x:10.2.6
  • Apple Mac OS X 10.2.7
    cpe:2.3:o:apple:mac_os_x:10.2.7
  • Apple Mac OS X 10.2.8
    cpe:2.3:o:apple:mac_os_x:10.2.8
  • Apple Mac OS X 10.3
    cpe:2.3:o:apple:mac_os_x:10.3
  • Apple Mac OS X 10.3.1
    cpe:2.3:o:apple:mac_os_x:10.3.1
  • Apple Mac OS X 10.3.2
    cpe:2.3:o:apple:mac_os_x:10.3.2
  • Apple Mac OS X 10.3.3
    cpe:2.3:o:apple:mac_os_x:10.3.3
  • Apple Mac OS X 10.3.4
    cpe:2.3:o:apple:mac_os_x:10.3.4
  • Apple Mac OS X 10.3.5
    cpe:2.3:o:apple:mac_os_x:10.3.5
  • Apple Mac OS X 10.3.6
    cpe:2.3:o:apple:mac_os_x:10.3.6
  • Apple Mac OS X 10.3.7
    cpe:2.3:o:apple:mac_os_x:10.3.7
  • Apple Mac OS X 10.3.8
    cpe:2.3:o:apple:mac_os_x:10.3.8
  • Apple Mac OS X 10.3.9
    cpe:2.3:o:apple:mac_os_x:10.3.9
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X Server 10.0
    cpe:2.3:o:apple:mac_os_x_server:10.0
  • Apple Mac OS X Server 10.1
    cpe:2.3:o:apple:mac_os_x_server:10.1
  • Apple Mac OS X Server 10.1.1
    cpe:2.3:o:apple:mac_os_x_server:10.1.1
  • Apple Mac OS X Server 10.1.2
    cpe:2.3:o:apple:mac_os_x_server:10.1.2
  • Apple Mac OS X Server 10.1.3
    cpe:2.3:o:apple:mac_os_x_server:10.1.3
  • Apple Mac OS X Server 10.1.4
    cpe:2.3:o:apple:mac_os_x_server:10.1.4
  • Apple Mac OS X Server 10.1.5
    cpe:2.3:o:apple:mac_os_x_server:10.1.5
  • Apple Mac OS X Server 10.2
    cpe:2.3:o:apple:mac_os_x_server:10.2
  • Apple Mac OS X Server 10.2.1
    cpe:2.3:o:apple:mac_os_x_server:10.2.1
  • Apple Mac OS X Server 10.2.2
    cpe:2.3:o:apple:mac_os_x_server:10.2.2
  • Apple Mac OS X Server 10.2.3
    cpe:2.3:o:apple:mac_os_x_server:10.2.3
  • Apple Mac OS X Server 10.2.4
    cpe:2.3:o:apple:mac_os_x_server:10.2.4
  • Apple Mac OS X Server 10.2.5
    cpe:2.3:o:apple:mac_os_x_server:10.2.5
  • Apple Mac OS X Server 10.2.6
    cpe:2.3:o:apple:mac_os_x_server:10.2.6
  • Apple Mac OS X Server 10.2.7
    cpe:2.3:o:apple:mac_os_x_server:10.2.7
  • Apple Mac OS X Server 10.2.8
    cpe:2.3:o:apple:mac_os_x_server:10.2.8
  • Apple Mac OS X Server 10.3
    cpe:2.3:o:apple:mac_os_x_server:10.3
  • Apple Mac OS X Server 10.3.1
    cpe:2.3:o:apple:mac_os_x_server:10.3.1
  • Apple Mac OS X Server 10.3.2
    cpe:2.3:o:apple:mac_os_x_server:10.3.2
  • Apple Mac OS X Server 10.3.3
    cpe:2.3:o:apple:mac_os_x_server:10.3.3
  • Apple Mac OS X Server 10.3.4
    cpe:2.3:o:apple:mac_os_x_server:10.3.4
  • Apple Mac OS X Server 10.3.5
    cpe:2.3:o:apple:mac_os_x_server:10.3.5
  • Apple Mac OS X Server 10.3.6
    cpe:2.3:o:apple:mac_os_x_server:10.3.6
  • Apple Mac OS X Server 10.3.7
    cpe:2.3:o:apple:mac_os_x_server:10.3.7
  • Apple Mac OS X Server 10.3.8
    cpe:2.3:o:apple:mac_os_x_server:10.3.8
  • Apple Mac OS X Server 10.3.9
    cpe:2.3:o:apple:mac_os_x_server:10.3.9
  • Apple Mac OS X Server 10.4
    cpe:2.3:o:apple:mac_os_x_server:10.4
  • Apple Mac OS X Server 10.4.1
    cpe:2.3:o:apple:mac_os_x_server:10.4.1
CVSS
Base: 2.1 (as of 19-08-2005 - 09:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2005-007.NASL
description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
last seen 2019-02-21
modified 2018-07-14
plugin id 19463
published 2005-08-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19463
title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
sectrack 1014704
Last major update 05-09-2008 - 16:51
Published 19-08-2005 - 00:00
Back to Top