CVE-2014-4446 Information

Description

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://www.securitytracker.com/id/1031071 https://exchange.xforce.ibmcloud.com/vulnerabilities/97645 https://support.apple.com/kb/HT6536