Vulnerability Name: CVE-2006-4887 (CCN-29060)

Assigned: 2006-09-18
Published: 2006-09-18
Updated: 2018-10-30
Summary: Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.
Note: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
CVSS v3 Severity: 8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Mon Sep 18 2006 - 16:26:52 CDT
Apple Remote Desktop root vulnerability

Source: MITRE
Type: CNA
CVE-2006-4887

Source: CCN
Type: Apple Remote Desktop
Apple Remote Desktop 3

Source: OSVDB
Type: UNKNOWN
32260

Source: CCN
Type: OSVDB ID: 32260
Apple Remote Desktop Application Installation Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20060918 Apple Remote Desktop root vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20060920 Re: Apple Remote Desktop root vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20060926 Re: Re: Apple Remote Desktop root vulnerability

Source: BID
Type: UNKNOWN
20092

Source: CCN
Type: BID-20092
Apple Remote Desktop Local Authentication Bypass Vulnerability

Source: XF
Type: UNKNOWN
apple-remote-desktop-privilege-escalation(29060)

Source: XF
Type: UNKNOWN
apple-remote-desktop-gain-privileges(29060)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apple:apple_remote_desktop:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:apple_remote_desktop:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.2.8)

Configuration CCN 1:
  • cpe:/a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:apple_remote_desktop:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:apple_remote_desktop:2.1.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable