Vulnerability Description
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Apple Remote Desktop | 2.0.0 |
| Apple | Mac Os X | <= 10.2.8 |
References
- http://www.osvdb.org/32260
- http://www.securityfocus.com/archive/1/446371/100/0/threaded
- http://www.securityfocus.com/archive/1/446751/100/0/threaded
- http://www.securityfocus.com/archive/1/447043/100/0/threaded
- http://www.securityfocus.com/bid/20092
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29060
- http://www.osvdb.org/32260
- http://www.securityfocus.com/archive/1/446371/100/0/threaded
- http://www.securityfocus.com/archive/1/446751/100/0/threaded
- http://www.securityfocus.com/archive/1/447043/100/0/threaded
- http://www.securityfocus.com/bid/20092
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29060
FAQ
What is CVE-2006-4887?
CVE-2006-4887 is a vulnerability with a CVSS score of 7.2 (HIGH). Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gai...
How severe is CVE-2006-4887?
CVE-2006-4887 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4887?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Apple Remote Desktop, Apple Mac Os X.