CVE-2009-0138

Apple Mac OS X 10.5.6 - Auth Bypass

Title source: llm

Description

servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.

References (6)

[Patch, Vendor Advisory] http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

[Vendor Advisory] http://support.apple.com/kb/HT3438

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33759

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33813

[Third Party Advisory] http://secunia.com/advisories/33937

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/0422

Scores

EPSS 0.0250

EPSS Percentile 85.1%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

apple/mac_os_x

apple/mac_os_x_server

Timeline

Published Feb 13, 2009

Tracked Since Feb 18, 2026