CVE-2006-4387 - Low necked Submission
Description
Apple Mac OS X 10.4 through 10.4.7 when the administrator clears the \Allow user to administer this computer\ checkbox in System Preferences for a user does not remove the user’s account from the appserveradm or appserverusr groups which still allows the user to manage WebObjects applications.
Reference
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://www.securityfocus.com/bid/20271 http://secunia.com/advisories/22187 http://securitytracker.com/id?1016955 http://www.osvdb.org/29273 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29296