Lucene search

[email protected]CVE-2006-3878

HistoryJul 27, 2006 - 1:04 a.m.

CVE-2006-3878

2006-07-2701:04:00

[email protected]

web.nvd.nist.gov

opsware

nas

6.0

insecure permissions

mysql max

database

privileges

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.

Affected configurations

NVD

Node

opswarenetwork_automation_systemMatch6.0

CPENameOperatorVersion
opsware:network_automation_systemopsware network automation systemeq6.0

CPE	Name	Operator	Version
opsware:network_automation_system	opsware network automation system	eq	6.0

References

secunia.com/advisories/21192

securityreason.com/securityalert/1289

securitytracker.com/id?1016566

www.securityfocus.com/archive/1/441024/100/0/threaded

www.securityfocus.com/archive/1/441296/100/0/threaded

www.securityfocus.com/archive/1/444223/100/0/threaded

www.securityfocus.com/bid/19126

exchange.xforce.ibmcloud.com/vulnerabilities/27995

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-3878

cvelist1 nvd1