CVE-2005-3782

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.osvdb.org/20776	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::*

History

No history.

Information

Published : 2005-12-31 05:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-3782

Mitre link : CVE-2005-3782

CVE.ORG link : CVE-2005-3782

JSON object : View

Products Affected

apple

mac_os_x_server
mac_os_x

CWE

NVD-CWE-Other

{"id": "CVE-2005-3782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"url": "http://www.osvdb.org/20776", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the \"Name and password\" setting, and the \"Show the Restart, Sleep, and Shut Down buttons\" option is disabled, allows users with physical access to bypass login and reboot the system by entering \">restart\", \">power\", or \">shutdown\" sequences after the username."}], "lastModified": "2008-09-05T20:55:16.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD231103-D7C7-4697-BE90-D67558D6115C"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCADAAA0-C885-466C-A122-A94E73EAF817"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "448DB1C7-7B0C-4076-9B9F-1CDCD5EB6930"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE429EF-24D4-453A-8B43-8CCEF5D72773"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}