I was pointed by a colleague that ARDAgent can be exploited locally to gain “root” privileges under MacOS 10.4 and 10.5. A quick search on Google turned up this post on Macworld that gives some details about this issue.
To check whether you’re vulnerable type the following in a Terminal window:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
And if it says root you are vulnerable. To quickly protect you type the following:
sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent