ID CVE-2006-4413
Summary Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:remote_desktop:-:*:*:*:*:*:*:*
    cpe:2.3:a:apple:remote_desktop:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:remote_desktop:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:remote_desktop:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:remote_desktop:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:remote_desktop:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:remote_desktop:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:remote_desktop:3.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 08-03-2011 - 02:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
apple APPLE-SA-2006-11-16
bid 21139
sectrack 1017241
secunia 22982
vupen ADV-2006-4567
Last major update 08-03-2011 - 02:40
Published 18-11-2006 - 01:07
Last modified 08-03-2011 - 02:40
Back to Top