TITLE:
Apple Remote Desktop Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA11711

VERIFY ADVISORY:
http://secunia.com/advisories/11711/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Apple Remote Desktop 1.x
http://secunia.com/product/4180/
Apple Remote Desktop 2.x
http://secunia.com/product/4181/

DESCRIPTION:
Andrew Nakhla has discovered a vulnerability in Apple Remote Desktop, which can be exploited by malicious users to gain root access on a vulnerable system.

The problem is that, under certain circumstances during the login process, a user is able to launch applications behind the login window with root privileges.

Successful exploitation requires that the user has a valid account, has been granted "Open and quit applications" privileges, and that fast user switching is enabled.

SOLUTION:
Update to version 2.1 or apply Security Update 2004-10-27 for version 1.x.

Apple Remote Desktop 2.1:
http://www.apple.com/support/downloads/appleremotedesktop21admin.html
http://www.apple.com/support/downloads/appleremotedesktop21client.html

Apple Remote Desktop 1.x:
http://www.apple.com/support/downloads/securityupdate20041027ard.html

PROVIDED AND/OR DISCOVERED BY:
Andrew Nakhla

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------