CVE-2006-1451 Information

Description

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6 when setting up a new MySQL database server does not use the \New MySQL root password\ that is provided which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.

Reference

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://securitytracker.com/id?1016077 http://www.osvdb.org/25595 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26420