ID

VAR-200501-0314

CVE

CVE-2004-0924

TITLE

Apple MacOS X NetInfoManager Account Information False Positive Vulnerability

DESCRIPTION

NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not. Multiple security vulnerabilities are reported in Mac OS X. A security update is available to address these issues and to provide other enhancements. The following issues are reported: Apple AFP server is reported prone to a remote denial of service vulnerability. A weak permissions vulnerability is reported to affect the AFP server. This may result in a false sense of security for an administrator. A vulnerability is reported to exist in the NetInfoManager utility. It is reported that the utility will, under certain circumstances, report the status of certain accounts as disabled when they are not. A heap-based buffer overrun is reported to exist in the QuickTime utility. An attacker may exploit this vulnerability to execute arbitrary instructions in the context of the user that is running the vulnerable software. Finally, ServerAdmin is reported prone to a weak default configuration vulnerability. This may result in ServerAdmin traffic being intercepted and decrypted by a remote attacker. This vulnerability has been split into BID 11344. Some of these issues may already be described in previous BIDs. This BID will be split up into unique BIDs when further analysis of this update is complete

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

lack of information

EXTERNAL IDS

REFERENCES

CREDITS

Apple

SOURCES

LAST UPDATE DATE

2024-08-14T13:11:11.349000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE