ID

VAR-200604-0468


CVE

CVE-2006-0401


TITLE

Apple MAC OS X Unknown vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200604-056

DESCRIPTION

Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. Mac OS X running on Intel-based Macintosh computers is prone to an authentication-bypass vulnerability. SOLUTION: Update to version 10.4.6. http://www.apple.com/support/downloads/ PROVIDED AND/OR DISCOVERED BY: The vendor credits David Pugh, University of Michigan. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=303567 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0401 // BID: 17364 // VULHUB: VHN-16509 // PACKETSTORM: 45152

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.4.6

Trust: 0.3

sources: BID: 17364 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0401
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200604-056
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16509
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0401
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16509
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16509 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0401

THREAT TYPE

local

Trust: 0.9

sources: BID: 17364 // CNNVD: CNNVD-200604-056

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200604-056

EXTERNAL IDS

db:BIDid:17364

Trust: 2.0

db:NVDid:CVE-2006-0401

Trust: 2.0

db:SECUNIAid:19462

Trust: 1.8

db:OSVDBid:24399

Trust: 1.7

db:SECTRACKid:1015859

Trust: 1.7

db:VUPENid:ADV-2006-1215

Trust: 1.7

db:CNNVDid:CNNVD-200604-056

Trust: 0.7

db:XFid:25620

Trust: 0.6

db:VULHUBid:VHN-16509

Trust: 0.1

db:PACKETSTORMid:45152

Trust: 0.1

sources: VULHUB: VHN-16509 // BID: 17364 // PACKETSTORM: 45152 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=303567

Trust: 2.1

url:http://www.securityfocus.com/bid/17364

Trust: 1.7

url:http://www.osvdb.org/24399

Trust: 1.7

url:http://securitytracker.com/id?1015859

Trust: 1.7

url:http://secunia.com/advisories/19462

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/1215

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25620

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/1215

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/25620

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.apple.com

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/19462/

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16509 // BID: 17364 // PACKETSTORM: 45152 // CNNVD: CNNVD-200604-056 // NVD: CVE-2006-0401

CREDITS

The vendor credits David Pugh with the discovery of this issue.

Trust: 0.9

sources: BID: 17364 // CNNVD: CNNVD-200604-056

SOURCES

db:VULHUBid:VHN-16509
db:BIDid:17364
db:PACKETSTORMid:45152
db:CNNVDid:CNNVD-200604-056
db:NVDid:CVE-2006-0401

LAST UPDATE DATE

2024-11-23T23:03:32.854000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16509date:2017-07-20T00:00:00
db:BIDid:17364date:2006-04-04T18:23:00
db:CNNVDid:CNNVD-200604-056date:2006-04-05T00:00:00
db:NVDid:CVE-2006-0401date:2024-11-21T00:06:22.613

SOURCES RELEASE DATE

db:VULHUBid:VHN-16509date:2006-04-05T00:00:00
db:BIDid:17364date:2006-04-03T00:00:00
db:PACKETSTORMid:45152date:2006-04-04T19:25:51
db:CNNVDid:CNNVD-200604-056date:2006-04-05T00:00:00
db:NVDid:CVE-2006-0401date:2006-04-05T10:04:00