ByteOS Network

Vulnerability Details :

CVE-2006-4393

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-02 Oct, 2006 | 21:00

Updated At-07 Aug, 2024 | 19:06

Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:02 Oct, 2006 | 21:00

Updated At:07 Aug, 2024 | 19:06

▼CVE Numbering Authority (CNA)

Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://securitytracker.com/id?1016959	vdb-entry x_refsource_SECTRACK
http://www.securityfocus.com/bid/20271	vdb-entry x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/29290	vdb-entry x_refsource_XF
http://secunia.com/advisories/22187	third-party-advisory x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3852	vdb-entry x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html	vendor-advisory x_refsource_APPLE
http://www.osvdb.org/29271	vdb-entry x_refsource_OSVDB

Hyperlink: http://securitytracker.com/id?1016959

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://www.securityfocus.com/bid/20271

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29290

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://secunia.com/advisories/22187

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.vupen.com/english/advisories/2006/3852

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://www.osvdb.org/29271

Resource:

vdb-entry

x_refsource_OSVDB

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://securitytracker.com/id?1016959	vdb-entry x_refsource_SECTRACK x_transferred
http://www.securityfocus.com/bid/20271	vdb-entry x_refsource_BID x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/29290	vdb-entry x_refsource_XF x_transferred
http://secunia.com/advisories/22187	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.vupen.com/english/advisories/2006/3852	vdb-entry x_refsource_VUPEN x_transferred
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html	vendor-advisory x_refsource_APPLE x_transferred
http://www.osvdb.org/29271	vdb-entry x_refsource_OSVDB x_transferred

Hyperlink: http://securitytracker.com/id?1016959

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://www.securityfocus.com/bid/20271

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29290

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://secunia.com/advisories/22187

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2006/3852

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

Resource:

vendor-advisory

x_refsource_APPLE

x_transferred

Hyperlink: http://www.osvdb.org/29271

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:03 Oct, 2006 | 04:02

Updated At:20 Jul, 2017 | 01:33

Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 3.7

Base severity: LOW

Vector:

AV:L/AC:H/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html	cve@mitre.org	Patch
http://secunia.com/advisories/22187	cve@mitre.org	Patch Vendor Advisory
http://securitytracker.com/id?1016959	cve@mitre.org	Patch
http://www.osvdb.org/29271	cve@mitre.org	N/A
http://www.securityfocus.com/bid/20271	cve@mitre.org	Patch
http://www.vupen.com/english/advisories/2006/3852	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/29290	cve@mitre.org	N/A

Hyperlink: http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://secunia.com/advisories/22187

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://securitytracker.com/id?1016959

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www.osvdb.org/29271

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/20271

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www.vupen.com/english/advisories/2006/3852

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29290

Source: cve@mitre.org

Resource: N/A

Similar CVEs

5Records found

CVE-2013-5147

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-3.7||LOW

EPSS-0.48% / 64.11%

7 Day CHG~0.00%

Published-19 Sep, 2013 | 10:00

Updated-11 Apr, 2025 | 00:51

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.

Vendor-n/a Apple Inc.

Product-iphone_os n/a

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2005-1727

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-3.7||LOW

EPSS-0.05% / 13.43%

7 Day CHG~0.00%

Published-14 Jun, 2005 | 04:00

Updated-03 Apr, 2025 | 01:03

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."

Vendor-n/a Apple Inc.

Product-mac_os_x_server n/a

CVE-2020-3980

Matching Score-8

Assigner-VMware by Broadcom

View Details

Matching Score-8

Assigner-VMware by Broadcom

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 29.43%

7 Day CHG~0.00%

Published-16 Sep, 2020 | 16:13

Updated-04 Aug, 2024 | 07:52

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.

Vendor-n/a Apple Inc.VMware (Broadcom Inc.)

Product-mac_os_x fusion VMware Fusion

CVE-2008-4229

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-3.7||LOW

EPSS-0.06% / 17.41%

7 Day CHG~0.00%

Published-25 Nov, 2008 | 23:00

Updated-07 Aug, 2024 | 10:08

Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.

Vendor-n/a Apple Inc.

Product-iphone_os ipod_touch n/a

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2013-5229

Matching Score-8

Assigner-Apple Inc.

View Details

Matching Score-8

Assigner-Apple Inc.

CVSS Score-3.7||LOW

EPSS-0.06% / 17.03%

7 Day CHG~0.00%

Published-14 Nov, 2015 | 02:00

Updated-12 Apr, 2025 | 10:46

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.

Vendor-n/a Apple Inc.

Product-mac_os_x apple_remote_desktop n/a

CVE-2006-4393

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs