CERTA-2003-AVI-126
Vulnerability from certfr_avis

Une vulnérabilité dans le Workgroup Manager de MacOS X permet à un utilisateur mal intentionné d'usurper un compte nouvellement créé.

Description

Workgroup Manager est une application intégrée à MacOS X (à partir de MacOS X version 10.2) et basée sur un annuaire LDAP, permettant la gestion des utilisateurs, des groupes d'utilisateurs et des machines. Une vulnérabilité dans Workgroup Manager permet à un utilisateur mal intentionné, lors de la création d'un compte, d'usurper ce compte avant sa première sauvegarde.

Solution

Appliquer le correctif de sécurité fourni par Apple (cf. section Documentation).

Apple MacOS X version 10.2 et suivantes.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple MacOS X version 10.2 et  suivantes.\u003c/p\u003e",
  "content": "## Description\n\nWorkgroup Manager est une application int\u00e9gr\u00e9e \u00e0 MacOS X (\u00e0 partir de\nMacOS X version 10.2) et bas\u00e9e sur un annuaire LDAP, permettant la\ngestion des utilisateurs, des groupes d\u0027utilisateurs et des machines.\nUne vuln\u00e9rabilit\u00e9 dans Workgroup Manager permet \u00e0 un utilisateur mal\nintentionn\u00e9, lors de la cr\u00e9ation d\u0027un compte, d\u0027usurper ce compte avant\nsa premi\u00e8re sauvegarde.\n\n## Solution\n\nAppliquer le correctif de s\u00e9curit\u00e9 fourni par Apple (cf. section\nDocumentation).\n",
  "cves": [],
  "initial_release_date": "2003-07-25T00:00:00",
  "last_revision_date": "2003-07-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple:",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tail du bulletin de s\u00e9curit\u00e9 Security Update    2003-07-23 v1.0:",
      "url": "http://www.info.apple.com/article.html?artnum=120235"
    }
  ],
  "reference": "CERTA-2003-AVI-126",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le Workgroup Manager de MacOS X permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027usurper un compte nouvellement cr\u00e9\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Workgroup Manager de MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple : SecurityUpdate 2003-07-23",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.