Mac OS X 10.4.x < 10.4.6 Firmware Unspecified Password Bypass

medium Nessus Plugin ID 21175

Synopsis

The remote host is missing a Mac OS X update which fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.6.

Mac OS X 10.4.6 contains a security fix for a local authentication bypass vulnerability. A malicious local user may exploit this vulnerability to bypass the firmware password and gain access to Single User mode.

This vulnerability only affects intel-based Macintoshes.

Solution

Upgrade to Mac OS X 10.4.6 :

http://www.apple.com/support/downloads/macosx1046forintel.html

See Also

http://www.nessus.org/u?271eb297

Plugin Details

Severity: Medium

ID: 21175

File Name: macosx_10_4_6.nasl

Version: 1.20

Type: local

Agent: macosx

Published: 4/3/2006

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.4

Exploit Ease: No known exploits are available

Patch Publication Date: 4/3/2006

Vulnerability Publication Date: 4/3/2006

Reference Information

CVE: CVE-2006-0401

BID: 17364