CVE-2006-4887

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Published: Sep 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4887
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / apple_remote_desktop	3.0.0	3.0.0.x
apple / apple_remote_desktop	2.0.0	2.0.0.x
apple / apple_remote_desktop	2.1.0	2.1.0.x
apple / mac_os_x	-	10.2.8.x

http://www.osvdb.org/32260
http://www.securityfocus.com/archive/1/446371/100/0/threaded
http://www.securityfocus.com/archive/1/446751/100/0/threaded
http://www.securityfocus.com/archive/1/447043/100/0/threaded
http://www.securityfocus.com/bid/20092
https://exchange.xforce.ibmcloud.com/vulnerabilities/29060

Vulnerability Database

291,049

CVE-2006-4887