CVE-2006-4413
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
Date published : 2006-11-17
http://lists.apple.com/archives/security-announce/2006/Nov/msg00000.html