The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 prior to 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x server 10.5.8 |
||
apple mac os x server 10.6.1 |
||
apple mac os x 10.6.3 |
||
apple mac os x server 10.6.0 |
||
apple mac os x 10.5.8 |
||
apple mac os x 10.6.0 |
||
apple mac os x 10.6.1 |
||
apple mac os x 10.6.2 |
||
apple mac os x server 10.6.2 |
||
apple mac os x server 10.6.3 |