CVE-2010-0545 Information

Description

The Finder in DesktopServices in Apple Mac OS X 10.5.8 and 10.6 before 10.6.4 does not set the expected file ownerships during an \Apply to enclosed items\ action which allows local users to bypass intended access restrictions via normal filesystem operations.

Reference

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481