CVE-2010-0545 | Vulnerability Database | Aqua Security

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an Apply to enclosed items action, which allows local users to bypass intended access restrictions via normal filesystem operations.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.5.8 (including)	10.5.8 (including)
Mac_os_x	Apple	10.6.0 (including)	10.6.0 (including)
Mac_os_x	Apple	10.6.1 (including)	10.6.1 (including)
Mac_os_x	Apple	10.6.2 (including)	10.6.2 (including)
Mac_os_x	Apple	10.6.3 (including)	10.6.3 (including)
Mac_os_x_server	Apple	10.5.8 (including)	10.5.8 (including)
Mac_os_x_server	Apple	10.6.0 (including)	10.6.0 (including)
Mac_os_x_server	Apple	10.6.1 (including)	10.6.1 (including)
Mac_os_x_server	Apple	10.6.2 (including)	10.6.2 (including)
Mac_os_x_server	Apple	10.6.3 (including)	10.6.3 (including)

References

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/40220
http://securitytracker.com/id?1024103
http://support.apple.com/kb/HT4188
http://www.securityfocus.com/bid/40871
http://www.vupen.com/english/advisories/2010/1481

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-0545
CWE	https://cwe.mitre.org/data/definitions/264.html