CERTA-2003-AVI-126

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le Workgroup Manager de MacOS X permet à un utilisateur mal intentionné d'usurper un compte nouvellement créé.

Description

Workgroup Manager est une application intégrée à MacOS X (à partir de MacOS X version 10.2) et basée sur un annuaire LDAP, permettant la gestion des utilisateurs, des groupes d'utilisateurs et des machines. Une vulnérabilité dans Workgroup Manager permet à un utilisateur mal intentionné, lors de la création d'un compte, d'usurper ce compte avant sa première sauvegarde.

Solution

Appliquer le correctif de sécurité fourni par Apple (cf. section Documentation).

Apple MacOS X version 10.2 et suivantes.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple MacOS X version 10.2 et  suivantes.\u003c/p\u003e",
  "content": "## Description\n\nWorkgroup Manager est une application int\u00e9gr\u00e9e \u00e0 MacOS X (\u00e0 partir de\nMacOS X version 10.2) et bas\u00e9e sur un annuaire LDAP, permettant la\ngestion des utilisateurs, des groupes d\u0027utilisateurs et des machines.\nUne vuln\u00e9rabilit\u00e9 dans Workgroup Manager permet \u00e0 un utilisateur mal\nintentionn\u00e9, lors de la cr\u00e9ation d\u0027un compte, d\u0027usurper ce compte avant\nsa premi\u00e8re sauvegarde.\n\n## Solution\n\nAppliquer le correctif de s\u00e9curit\u00e9 fourni par Apple (cf. section\nDocumentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple:",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tail du bulletin de s\u00e9curit\u00e9 Security Update    2003-07-23 v1.0:",
      "url": "http://www.info.apple.com/article.html?artnum=120235"
    }
  ],
  "reference": "CERTA-2003-AVI-126",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le Workgroup Manager de MacOS X permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027usurper un compte nouvellement cr\u00e9\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Workgroup Manager de MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple : SecurityUpdate 2003-07-23",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.