CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.
Vendor | Product | Version | CPE |
---|---|---|---|
opsware | network_automation_system | 6.0 | cpe:2.3:a:opsware:network_automation_system:6.0:*:*:*:*:*:*:* |
secunia.com/advisories/21192
securityreason.com/securityalert/1289
securitytracker.com/id?1016566
www.securityfocus.com/archive/1/441024/100/0/threaded
www.securityfocus.com/archive/1/441296/100/0/threaded
www.securityfocus.com/archive/1/444223/100/0/threaded
www.securityfocus.com/bid/19126
exchange.xforce.ibmcloud.com/vulnerabilities/27995