Vulnerabilities > CVE-2006-3878 - Information Disclosure vulnerability in Opsware Network Automation System 6.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/21192
- http://securityreason.com/securityalert/1289
- http://securitytracker.com/id?1016566
- http://www.securityfocus.com/archive/1/441024/100/0/threaded
- http://www.securityfocus.com/archive/1/441296/100/0/threaded
- http://www.securityfocus.com/archive/1/444223/100/0/threaded
- http://www.securityfocus.com/bid/19126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27995