Vulnerabilities > CVE-2006-1451 - Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2006-003.NASL |
description | The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21341 |
published | 2006-05-12 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21341 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) |
code |
|
References
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/20077
- http://securitytracker.com/id?1016077
- http://www.osvdb.org/25595
- http://www.securityfocus.com/bid/17951
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26420