Lucene search

[email protected]CVE-2006-4397

HistoryOct 03, 2006 - 4:02 a.m.

CVE-2006-4397

2006-10-0304:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

apple

mac

os x

loginwindow

kerberos

cve-2006-4397

nvd

6.4 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.2%

JSON

Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user’s Kerberos tickets.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.4.3
apple:mac_os_xapple mac os xeq10.4.1
apple:mac_os_xapple mac os xeq10.4.7
apple:mac_os_xapple mac os xeq10.4.4
apple:mac_os_xapple mac os xeq10.4
apple:mac_os_xapple mac os xeq10.4.6
apple:mac_os_xapple mac os xeq10.4.5
apple:mac_os_xapple mac os xeq10.4.2

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.4.3
apple:mac_os_x	apple mac os x	eq	10.4.1
apple:mac_os_x	apple mac os x	eq	10.4.7
apple:mac_os_x	apple mac os x	eq	10.4.4
apple:mac_os_x	apple mac os x	eq	10.4
apple:mac_os_x	apple mac os x	eq	10.4.6
apple:mac_os_x	apple mac os x	eq	10.4.5
apple:mac_os_x	apple mac os x	eq	10.4.2

References

lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

secunia.com/advisories/22187

securitytracker.com/id?1016959

www.osvdb.org/29270

www.securityfocus.com/bid/20271

www.vupen.com/english/advisories/2006/3852

6.4 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for CVE-2006-4397

nessus2