SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Mac OS X SecurityAgent Lets Physically Local Users Bypass the Screen Saver Password Mechanism
SecurityTracker Alert ID:  1018951
SecurityTracker URL:  http://securitytracker.com/id/1018951
CVE Reference:   CVE-2007-4693   (Links to External Site)
Date:  Nov 15 2007
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.4 - 10.4.10
Description:   A vulnerability was reported in Mac OS X. A physically local user may be able to bypass the screen saver authentication mechanism.

A physically local user may be able to send keystrokes to a process on the system that is running behind the screen saver authentication dialog.

Faisal N. Jawdat reported this vulnerability.

Impact:   A physically local user may be able to bypass the screen saver authentication mechanism.
Solution:   Apple has released a fix, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

[Editor's note: This vulnerability only affects 10.4.x]

The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Mac OS X v10.4.11 or Security Update 2007-008.

For Mac OS X v10.4.10 (Intel)
The download file is named: "MacOSXUpd10.4.11Intel.dmg"
Its SHA-1 digest is: 4c9103699c7925cc0277cffce4c7419a9d469c31

For Mac OS X v10.4.4 (Intel) through v10.4.9 (Intel)
The download file is named: "MacOSXUpdCombo10.4.11Intel.dmg"
Its SHA-1 digest is: 9a869c44010996bcf1a645f5467dd1bc596924dd

For Mac OS X v10.4.10 (PowerPC)
The download file is named: "MacOSXUpd10.4.11PPC.dmg"
Its SHA-1 digest is: 132d354637604c63d28b57e57e74aed1b21c9894

For Mac OS X v10.4 (PowerPC) through v10.4.9 (PowerPC)
The download file is named: "MacOSXUpdCombo10.4.11PPC.dmg"
Its SHA-1 digest is: 3d403bfa769424c61a3cfac173f8527658f9d4af

For Mac OS X Server v10.4.10 (Universal)
The download file is named: "MacOSXServerUpd10.4.11Univ.dmg"
Its SHA-1 digest is: 37bf2f081d773756472205146a037d1c8c52d45e

For Mac OS X Server v10.4.7 through v10.4.9 (Universal)
The download file is named: "MacOSXSrvrCombo10.4.11Univ.dmg"
Its SHA-1 digest is: 94a87bb6f7c73b68c2a8654a5c2642d7c5e82d56

For Mac OS X Server v10.4.10 (PowerPC)
The download file is named: "MacOSXServerUpd10.4.11PPC.dmg"
Its SHA-1 digest is: 6dde722314da1eaf00f881f026cfe770044f6cda

For Mac OS X Server v10.4 through v10.4.9 (PowerPC)
The download file is named: "MacOSXSrvrCombo10.4.11PPC.dmg"
Its SHA-1 digest is: 3aeb0fae441957c7a831365ad5af1b79b0d87720

For Mac OS X v10.3.9
The download file is named: "SecUpd2007-008Pan.dmg"
Its SHA-1 digest is: 7049852014bb8d31fe8a3b2706e59c1e7d3aebcd

For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2007-008Pan.dmg"
Its SHA-1 digest is: d085bfc4bc59ca3c81495e9b7029381c3fa9b082

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=307041

Vendor URL:  docs.info.apple.com/article.html?artnum=307041 (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2016, SecurityGlobal.net LLC