CVE-2006-1451

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html	Patch
http://www.us-cert.gov/cas/techalerts/TA06-132A.html	US Government Resource
http://securitytracker.com/id?1016077
http://secunia.com/advisories/20077
http://www.securityfocus.com/bid/17951
http://www.osvdb.org/25595
http://www.vupen.com/english/advisories/2006/1779
https://exchange.xforce.ibmcloud.com/vulnerabilities/26420

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*

Information

Published : 2006-05-12 14:02

Updated : 2017-07-19 18:30

NVD link : CVE-2006-1451

Mitre link : CVE-2006-1451

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

apple

mac_os_x

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html", "name": "APPLE-SA-2006-05-11", "tags": ["Patch"], "refsource": "APPLE"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html", "name": "TA06-132A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://securitytracker.com/id?1016077", "name": "1016077", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/20077", "name": "20077", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17951", "name": "17951", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/25595", "name": "25595", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/1779", "name": "ADV-2006-1779", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26420", "name": "macos-mysql-manager-blank-password(26420)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the \"New MySQL root password\" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1451", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-12T21:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:30Z"}