Details of VAR-200512-0638

ID

VAR-200512-0638

CVE

CVE-2005-3782

TITLE

Mac OS X Bypass login to restart system vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200512-853

DESCRIPTION

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. Apple Mac OS X Server is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users

Trust: 1.35

sources: NVD: CVE-2005-3782 // BID: 87970 // VULHUB: VHN-14990 // VULMON: CVE-2005-3782

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.3	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3

sources: BID: 87970 // CNNVD: CNNVD-200512-853 // NVD: CVE-2005-3782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3782
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200512-853
value:	LOW
Trust: 0.6
VULHUB:	VHN-14990
value:	LOW
Trust: 0.1
VULMON:	CVE-2005-3782
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2005-3782
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-14990
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14990 // VULMON: CVE-2005-3782 // CNNVD: CNNVD-200512-853 // NVD: CVE-2005-3782

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3782

THREAT TYPE

local

Trust: 0.9

sources: BID: 87970 // CNNVD: CNNVD-200512-853

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200512-853

EXTERNAL IDS

db:	OSVDB	id:	20776	Trust: 2.1
db:	NVD	id:	CVE-2005-3782	Trust: 2.1
db:	CNNVD	id:	CNNVD-200512-853	Trust: 0.7
db:	BID	id:	87970	Trust: 0.4
db:	VULHUB	id:	VHN-14990	Trust: 0.1
db:	VULMON	id:	CVE-2005-3782	Trust: 0.1

sources: VULHUB: VHN-14990 // VULMON: CVE-2005-3782 // BID: 87970 // CNNVD: CNNVD-200512-853 // NVD: CVE-2005-3782

REFERENCES

url:	http://www.osvdb.org/20776	Trust: 2.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-14990 // VULMON: CVE-2005-3782 // BID: 87970 // CNNVD: CNNVD-200512-853 // NVD: CVE-2005-3782

CREDITS

Unknown

Trust: 0.3

sources: BID: 87970

SOURCES

db:	VULHUB	id:	VHN-14990
db:	VULMON	id:	CVE-2005-3782
db:	BID	id:	87970
db:	CNNVD	id:	CNNVD-200512-853
db:	NVD	id:	CVE-2005-3782

LAST UPDATE DATE

2024-08-14T13:39:56.438000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14990	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2005-3782	date:	2008-09-05T00:00:00
db:	BID	id:	87970	date:	2005-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200512-853	date:	2006-05-22T00:00:00
db:	NVD	id:	CVE-2005-3782	date:	2008-09-05T20:55:16.773

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14990	date:	2005-12-31T00:00:00
db:	VULMON	id:	CVE-2005-3782	date:	2005-12-31T00:00:00
db:	BID	id:	87970	date:	2005-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200512-853	date:	2005-12-31T00:00:00
db:	NVD	id:	CVE-2005-3782	date:	2005-12-31T05:00:00