{"vuid":"VU#897628","idnumber":"897628","name":"Apple Mac OS X may allow network accounts to bypass service access controls","keywords":["Apple","Mac OS X","security bypass","network accounts","loginwindow","service access control","apple-2006-006"],"overview":"Apple Mac OS X may allow network accounts to bypass service access controls. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls.","clean_desc":"Remote access to a system can be restricted by service access controls via LoginWindow. According to  Apple Security Update 2006-006: A logic error in loginwindow allows network accounts without GUIDs to bypass service access controls. Only systems that have been configured to allow network accounts to authenticate without a Globally Unique Identifier, and use service access controls for the LoginWindow are affected by this vulnerability.","impact":"This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls.","resolution":"Upgrade\nApple has addressed this issue in Apple Security Update 2006-006.","workarounds":"","sysaffected":"","thanks":"This issue was reported in \n Apple Security Update \n2006-006","author":"This document was written by Chris Taschner.","public":["http://secunia.com/advisories/22187/","http://docs.info.apple.com/article.html?artnum=304460"],"cveids":["CVE-2006-4394"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-02T13:17:18Z","publicdate":"2006-09-29T00:00:00Z","datefirstpublished":"2006-10-02T19:13:38Z","dateupdated":"2006-10-02T20:04:32Z","revision":15,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"8","cam_impact":"20","cam_easeofexploitation":"5","cam_attackeraccessrequired":"8","cam_scorecurrent":"2.76","cam_scorecurrentwidelyknown":"3.36","cam_scorecurrentwidelyknownexploited":"5.76","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.76,"vulnote":null}