Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2836

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2009-2836
Last Modified 17 Nov 2009 02:03:00
Published 10 Nov 2009 02:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2009-2836

Summary

Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.6

  • Apple Mac Os X 10.6.1

  • Apple Mac Os X Server 10.6

  • Apple Mac Os X Server 10.6.1


References

BID - 36956

CONFIRM - http://support.apple.com/kb/HT3937

VUPEN - ADV-2009-3184

APPLE - APPLE-SA-2009-11-09-1

Related Patches

Apple 2009-11-09 Mac OS X v10.6.2 Update


Last Updated: 27 May 2016 10:51:02