SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the Switch User… button to appear even though the Enable fast user switching setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the Require password to wake this computer from sleep or screen saver setting.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | 10.4.2 (including) | 10.4.2 (including) |
| Mac_os_x_server | Apple | 10.4.2 (including) | 10.4.2 (including) |
References
- http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
- http://secunia.com/advisories/16920/
- http://www.auscert.org.au/5509
- http://www.ciac.org/ciac/bulletins/p-312.shtml
- http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
- http://secunia.com/advisories/16920/
- http://www.auscert.org.au/5509
- http://www.ciac.org/ciac/bulletins/p-312.shtml