Vulnerabilities > CVE-2006-4393 - Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

047910
CVSS 3.7 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
apple
nessus

Summary

Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_4_8.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager
    last seen2020-06-01
    modified2020-06-02
    plugin id22476
    published2006-09-29
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22476
    titleMac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(22476);
     script_version ("1.18");
     if ( NASL_LEVEL >= 3000 )
     script_cve_id("CVE-2006-4390", "CVE-2006-3311", "CVE-2006-3587", "CVE-2006-3588", "CVE-2006-4640", 
                   "CVE-2006-4391", "CVE-2006-4392", "CVE-2006-4397", "CVE-2006-4393", "CVE-2006-4394", 
                   "CVE-2006-4387", "CVE-2006-4395", "CVE-2006-1721", "CVE-2006-3946", "CVE-2006-4399");
     script_bugtraq_id(20271);
    
     if ( NASL_LEVEL >= 3000 )
     {
      # nb: 29275 is invalid
    }
    
     script_name(english:"Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update which fixes a security
    issue." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.4.x that is prior
    to 10.4.8.
    
    Mac OS X 10.4.8 contains several security fixes for the following 
    programs :
    
     - CFNetwork
     - Flash Player
     - ImageIO
     - Kernel
     - LoginWindow
     - Preferences
     - QuickDraw Manager
     - SASL
     - WebCore
     - Workgroup Manager" );
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=304460" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Mac OS X 10.4.8 :
    http://www.apple.com/support/downloads/macosx1048updateintel.html
    http://www.apple.com/support/downloads/macosx1048updateppc.html
    http://www.apple.com/support/downloads/macosxserver1048update.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_core", value:"true");
     script_cwe_id(264);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/29");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/04/07");
     script_cvs_date("Date: 2018/07/14  1:59:35");
     script_set_attribute(attribute:"patch_publication_date", value: "2006/11/14");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
    script_end_attributes();
    
     script_summary(english:"Check for the version of Mac OS X");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl","mdns.nasl", "ntp_open.nasl");
     #script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    os = get_kb_item("Host/MacOSX/Version");
    if ( ! os ) os = get_kb_item("mDNS/os");
    if ( ! os ) exit(0);
    if ( ereg(pattern:"Mac OS X 10\.4($|\.[1-7]([^0-9]|$))", string:os)) security_hole(0);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2006-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore
    last seen2020-06-01
    modified2020-06-02
    plugin id22479
    published2006-09-29
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22479
    titleMac OS X Multiple Vulnerabilities (Security Update 2006-006)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(22479);
     script_version ("1.18");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    
     script_cve_id("CVE-2006-1721", "CVE-2006-3311", "CVE-2006-3587", "CVE-2006-3588", "CVE-2006-3946",
                   "CVE-2006-4387", "CVE-2006-4390", "CVE-2006-4391", "CVE-2006-4392", "CVE-2006-4393",
                   "CVE-2006-4394", "CVE-2006-4395", "CVE-2006-4397", "CVE-2006-4399", "CVE-2006-4640");
     script_bugtraq_id(20271);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-006)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update which fixes a security
    issue." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.3 which does not have
    the security update 2006-006 applied.
    
    Security Update 2006-006 contains several security fixes for the following 
    programs :
    
     - CFNetwork
     - Flash Player
     - QuickDraw Manager
     - SASL
     - WebCore" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Mac OS X 10.4.8 :
    http://www.apple.com/support/downloads/macosx1048updateintel.html
    http://www.apple.com/support/downloads/macosx1048updateppc.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_core", value:"true");
     script_cwe_id(264);
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=304460" );
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/29");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/07/31");
     script_set_attribute(attribute:"patch_publication_date", value: "2006/09/29");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_summary(english:"Check for the version of Mac OS X");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl","mdns.nasl", "ntp_open.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    
    uname = get_kb_item("Host/uname");
    if ( egrep(pattern:"Darwin.* 7\.[0-9]\.", string:uname) )
    {
      if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[67]|2007-003)", string:packages)) security_hole(0);
    }