Vulnerabilities > CVE-2006-4413 - Remote Desktop Insecure Default Package Permission vulnerability in Apple Remote Desktop 2.0/2.1/3.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

apple

NVD

Published: 2006-11-18

Updated: 2011-03-08

Summary

Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Remote Desktop - Apple Remote Desktop 2.0 Apple Remote Desktop 2.1 Apple Remote Desktop 3.0	4

References

http://lists.apple.com/archives/security-announce/2006/Nov/msg00000.html
http://secunia.com/advisories/22982
http://securitytracker.com/id?1017241
http://www.securityfocus.com/bid/21139
http://www.vupen.com/english/advisories/2006/4567