Details of VAR-200604-0468

ID

VAR-200604-0468

CVE

CVE-2006-0401

TITLE

Apple MAC OS X Unknown vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200604-056

DESCRIPTION

Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. Mac OS X running on Intel-based Macintosh computers is prone to an authentication-bypass vulnerability. SOLUTION: Update to version 10.4.6. http://www.apple.com/support/downloads/ PROVIDED AND/OR DISCOVERED BY: The vendor credits David Pugh, University of Michigan. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=303567 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0401 // BID: 17364 // VULHUB: VHN-16509 // PACKETSTORM: 45152

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.5	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.4.6	Trust: 0.3

sources: BID: 17364 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0401
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200604-056
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-16509
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-0401
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-16509
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16509 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0401

THREAT TYPE

local

Trust: 0.9

sources: BID: 17364 // CNNVD: CNNVD-200604-056

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200604-056

EXTERNAL IDS

db:	BID	id:	17364	Trust: 2.0
db:	NVD	id:	CVE-2006-0401	Trust: 2.0
db:	SECUNIA	id:	19462	Trust: 1.8
db:	OSVDB	id:	24399	Trust: 1.7
db:	SECTRACK	id:	1015859	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1215	Trust: 1.7
db:	CNNVD	id:	CNNVD-200604-056	Trust: 0.7
db:	XF	id:	25620	Trust: 0.6
db:	VULHUB	id:	VHN-16509	Trust: 0.1
db:	PACKETSTORM	id:	45152	Trust: 0.1

sources: VULHUB: VHN-16509 // BID: 17364 // PACKETSTORM: 45152 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

REFERENCES

url:	http://docs.info.apple.com/article.html?artnum=303567	Trust: 2.1
url:	http://www.securityfocus.com/bid/17364	Trust: 1.7
url:	http://www.osvdb.org/24399	Trust: 1.7
url:	http://securitytracker.com/id?1015859	Trust: 1.7
url:	http://secunia.com/advisories/19462	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1215	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25620	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/1215	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/25620	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.apple.com	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19462/	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-16509 // BID: 17364 // PACKETSTORM: 45152 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

CREDITS

The vendor credits David Pugh with the discovery of this issue.

Trust: 0.9

sources: BID: 17364 // CNNVD: CNNVD-200604-056

SOURCES

db:	VULHUB	id:	VHN-16509
db:	BID	id:	17364
db:	PACKETSTORM	id:	45152
db:	CNNVD	id:	CNNVD-200604-056
db:	NVD	id:	CVE-2006-0401

LAST UPDATE DATE

2024-08-14T14:59:13.803000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16509	date:	2017-07-20T00:00:00
db:	BID	id:	17364	date:	2006-04-04T18:23:00
db:	CNNVD	id:	CNNVD-200604-056	date:	2006-04-05T00:00:00
db:	NVD	id:	CVE-2006-0401	date:	2017-07-20T01:29:43.973

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16509	date:	2006-04-05T00:00:00
db:	BID	id:	17364	date:	2006-04-03T00:00:00
db:	PACKETSTORM	id:	45152	date:	2006-04-04T19:25:51
db:	CNNVD	id:	CNNVD-200604-056	date:	2006-04-05T00:00:00
db:	NVD	id:	CVE-2006-0401	date:	2006-04-05T10:04:00