CVE-2006-1451 - MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does

CVE-2006-1451

Summary

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

apple	APPLE-SA-2006-05-11
bid	17951
cert	TA06-132A
osvdb	25595
sectrack	1016077
secunia	20077
vupen	ADV-2006-1779
xf	macos-mysql-manager-blank-password(26420)

Last major update

20-07-2017 - 01:30

Published

12-05-2006 - 21:02

Last modified

20-07-2017 - 01:30