If you are using Mac OS X 10.2 / 3, and that one network interface is using DHCP to obtain automatically an IP address, and that SSH is active, and that the root account is active, and that you re-boot your machine, whoever has access to this network could gain admin access to your machine.
But this "failure" does not affect defaut install, contrary to what is stated. The amount of conditions required makes it almost impossible to exploit. But who knows...
To work around and prevent this weakness, you should ensure that either the access to your network is restricted (especially with wireless networks), or that the network interfaces are not using DHCP, or again ensure that the DHCP is configured to refuse authentication from LDAP and Netinfo found through DHCP (it is something that you can set up in Utilities/Directory Access) or you could de-activate the Root account (with Netinfo Manager), or de-activate Netinfo and LDAP (again in Directory Access), or by blocking all distant connection via SSH or similar services (but you still want to chnage the LDAP and Netinfo configuration).
Or avoid to re-boot :)
[Upd.]
It has been now confirmed that this is not a security flaw, but a concession made for enabling some easier set-ups: this boot-up behavior is inherited from NeXT, it avoids to have to configure one by one all the macs recently installed on a network. Well, better to prevent that to cure!
Select all / none
Apple
CD Drives
G5
Hard Drive
Internet
iPad
iPhone
iPod
Laptop
MacBidouille
Mac Intel
Mac OS X
Network
Overclock
PC
Peripheral
Software
Sound
SSD
Video
