Action not permitted
Modal body text goes here.
CVE-2006-4407
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "30731", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "21335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21335" }, { "name": "VU#734032", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/734032" }, { "name": "1017298", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017298" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-12-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "30731", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30731" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "21335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21335" }, { "name": "VU#734032", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/734032" }, { "name": "1017298", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017298" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-4750", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "30731", "refsource": "OSVDB", "url": "http://www.osvdb.org/30731" }, { "name": "http://docs.info.apple.com/article.html?artnum=304829", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "21335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21335" }, { "name": "VU#734032", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/734032" }, { "name": "1017298", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017298" }, { "name": "23155", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23155" }, { "name": "APPLE-SA-2006-11-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4407", "datePublished": "2006-11-30T16:00:00", "dateReserved": "2006-08-28T00:00:00", "dateUpdated": "2024-08-07T19:06:07.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2006-4407\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-11-30T16:28:00.000\",\"lastModified\":\"2011-03-08T02:40:52.703\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.\"},{\"lang\":\"es\",\"value\":\"El subsistema de seguridad de Apple Mac OS X 10.3.x hasta 10.3.9 no prioriza adecuadamente el cifrado de encriptaci\u00f3n cuando negocia cifrado compartido fuerte, lo cual provoca Transporte Seguro al usuario, un cifrado m\u00e1s d\u00e9bil que facilita a atacantes remotos desencriptar el tr\u00e1fico.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFDADE04-29F0-446B-824B-0518880CF0A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED9BE602-A740-4CF7-9CAF-59061B16AB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E698C1-C313-40E6-BAF9-7C8F9CF02484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF2D00AC-FA2A-4C39-B796-DC19072862CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421079DA-B605-4E05-9454-C30CF7631CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B734BA-3435-40A9-B22B-5D56CEB865A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30897327-44DD-4D6C-B8B6-2D66C44EA55D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B79D8F73-2E78-4A67-96BB-21AD9BCB0094\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=304829\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23155\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017298\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/734032\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/30731\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/21335\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-333A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4750\",\"source\":\"cve@mitre.org\"}]}}" } }
ghsa-xc56-9xqx-f7f7
Vulnerability from github
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
{ "affected": [], "aliases": [ "CVE-2006-4407" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2006-11-30T16:28:00Z", "severity": "MODERATE" }, "details": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.", "id": "GHSA-xc56-9xqx-f7f7", "modified": "2022-05-01T07:18:24Z", "published": "2022-05-01T07:18:24Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4407" }, { "type": "WEB", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/23155" }, { "type": "WEB", "url": "http://securitytracker.com/id?1017298" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/734032" }, { "type": "WEB", "url": "http://www.osvdb.org/30731" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/21335" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2006/4750" } ], "schema_version": "1.4.0", "severity": [] }
gsd-2006-4407
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2006-4407", "description": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.", "id": "GSD-2006-4407" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2006-4407" ], "details": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.", "id": "GSD-2006-4407", "modified": "2023-12-13T01:19:52.199454Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-4750", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "30731", "refsource": "OSVDB", "url": "http://www.osvdb.org/30731" }, { "name": "http://docs.info.apple.com/article.html?artnum=304829", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "21335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21335" }, { "name": "VU#734032", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/734032" }, { "name": "1017298", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017298" }, { "name": "23155", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23155" }, { "name": "APPLE-SA-2006-11-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4407" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "http://docs.info.apple.com/article.html?artnum=304829", "refsource": "CONFIRM", "tags": [], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "APPLE-SA-2006-11-28", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "refsource": "CERT", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "23155", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23155" }, { "name": "VU#734032", "refsource": "CERT-VN", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/734032" }, { "name": "21335", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/21335" }, { "name": "1017298", "refsource": "SECTRACK", "tags": [], "url": "http://securitytracker.com/id?1017298" }, { "name": "30731", "refsource": "OSVDB", "tags": [], "url": "http://www.osvdb.org/30731" }, { "name": "ADV-2006-4750", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2006/4750" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2011-03-08T02:40Z", "publishedDate": "2006-11-30T16:28Z" } } }
var-200609-1034
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1034", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-1034", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-06-05T21:58:52.479000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-1143
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1143", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-1143", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-06-17T09:39:54.333000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-0940
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0940", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-0940", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-07-22T21:17:58.412000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-1255
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1255", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-1255", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-06-16T22:17:49.539000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-1229
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1229", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-1229", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-06-14T19:39:22.118000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-1376
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1376", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-1376", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:46:26.250000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-0718
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0718", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-0718", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-07-04T20:46:28.140000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
var-200609-0887
Vulnerability from variot
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0887", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "slackware linux", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 2.4, "vendor": "rpath", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "apple computer", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "attachmatewrq", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "avaya", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "blue coat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnutls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "iaik java group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "internet consortium", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openwall gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security corp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sybase", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.3.x to 10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "directory pro", "scope": "eq", "trust": 0.3, "vendor": "cosmicperl", "version": "10.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.03" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim\u203b darksock@uhagr.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "cve": "CVE-2006-4407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2006-4407", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-20515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-4407", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#386964", "trust": 0.8, "value": "0.32" }, { "author": "CARNEGIE MELLON", "id": "VU#734032", "trust": 0.8, "value": "10.94" }, { "author": "CARNEGIE MELLON", "id": "VU#845620", "trust": 0.8, "value": "7.56" }, { "author": "CARNEGIE MELLON", "id": "VU#547300", "trust": 0.8, "value": "2.53" }, { "author": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-20515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available", "sources": [ { "db": "NVD", "id": "CVE-2006-4407" }, { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "BID", "id": "21335" }, { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 4.86 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#734032", "trust": 3.3 }, { "db": "USCERT", "id": "TA06-333A", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2006-4407", "trust": 2.8 }, { "db": "SECUNIA", "id": "23155", "trust": 2.5 }, { "db": "BID", "id": "22083", "trust": 2.4 }, { "db": "BID", "id": "21335", "trust": 2.0 }, { "db": "SECTRACK", "id": "1017298", "trust": 1.7 }, { "db": "OSVDB", "id": "30731", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-4750", "trust": 1.7 }, { "db": "SECUNIA", "id": "23280", "trust": 1.6 }, { "db": "SECUNIA", "id": "23309", "trust": 1.6 }, { "db": "BID", "id": "20246", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#386964", "trust": 0.8 }, { "db": "SECUNIA", "id": "21709", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#845620", "trust": 0.8 }, { "db": "SECUNIA", "id": "22207", "trust": 0.8 }, { "db": "SECUNIA", "id": "22212", "trust": 0.8 }, { "db": "SECUNIA", "id": "22116", "trust": 0.8 }, { "db": "SECUNIA", "id": "22216", "trust": 0.8 }, { "db": "SECUNIA", "id": "22220", "trust": 0.8 }, { "db": "SECUNIA", "id": "22330", "trust": 0.8 }, { "db": "SECUNIA", "id": "22130", "trust": 0.8 }, { "db": "SECUNIA", "id": "22240", "trust": 0.8 }, { "db": "SECUNIA", "id": "22259", "trust": 0.8 }, { "db": "SECUNIA", "id": "22260", "trust": 0.8 }, { "db": "SECUNIA", "id": "22165", "trust": 0.8 }, { "db": "SECUNIA", "id": "22166", "trust": 0.8 }, { "db": "SECUNIA", "id": "22172", "trust": 0.8 }, { "db": "SECUNIA", "id": "22284", "trust": 0.8 }, { "db": "SECUNIA", "id": "22186", "trust": 0.8 }, { "db": "SECUNIA", "id": "22193", "trust": 0.8 }, { "db": "SECUNIA", "id": "22094", "trust": 0.8 }, { "db": "BID", "id": "20249", "trust": 0.8 }, { "db": "SECTRACK", "id": "1016943", "trust": 0.8 }, { "db": "XF", "id": "29237", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#547300", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-001152", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200611-503", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-333A", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-11-28", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-20515", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "id": "VAR-200609-0887", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-20515" } ], "trust": 0.01 }, "last_update_date": "2024-06-16T17:21:24.834000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2006-11-28", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-001152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-4407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "trust": 2.8, "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/734032" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/22083" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/21335" }, { "trust": 1.7, "url": "http://www.osvdb.org/30731" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1017298" }, { "trust": 1.7, "url": "http://secunia.com/advisories/23155" }, { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20060928.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23280/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/23309/" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23386964/index.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20246" }, { "trust": 0.8, "url": "http://secunia.com/advisories/23155/" }, { "trust": 0.8, "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" }, { "trust": 0.8, "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060905.txt " }, { "trust": 0.8, "url": "http://secunia.com/advisories/21709/" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc3447.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu%23547300/index.html" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html " }, { "trust": 0.8, "url": "https://issues.rpath.com/browse/rpl-613 " }, { "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20060928.txt " }, { "trust": 0.8, "url": "http://kolab.org/security/kolab-vendor-notice-11.txt " }, { "trust": 0.8, "url": "http://openvpn.net/changelog.html " }, { "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/ " }, { "trust": 0.8, "url": "http://openbsd.org/errata.html#openssl2 " }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/20249 " }, { "trust": 0.8, "url": "http://securitytracker.com/id?1016943 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22130 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22094 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22165 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22186 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22193 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22207 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22259 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22260 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22166 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22172 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22212 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22240 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22216 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22116 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22220 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22284 " }, { "trust": 0.8, "url": "http://secunia.com/advisories/22330 " }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/29237 " }, { "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4407" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4407" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/4750" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "http://labs.musecurity.com/advisories/mu-200611-01.txt" } ], "sources": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#386964" }, { "db": "CERT/CC", "id": "VU#734032" }, { "db": "CERT/CC", "id": "VU#845620" }, { "db": "CERT/CC", "id": "VU#547300" }, { "db": "VULHUB", "id": "VHN-20515" }, { "db": "BID", "id": "21335" }, { "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "db": "CNNVD", "id": "CNNVD-200611-503" }, { "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2006-09-11T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2006-09-28T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2006-11-30T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-28T00:00:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2006-11-30T16:28:00", "db": "NVD", "id": "CVE-2006-4407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#386964" }, { "date": "2006-11-30T00:00:00", "db": "CERT/CC", "id": "VU#734032" }, { "date": "2007-02-08T00:00:00", "db": "CERT/CC", "id": "VU#845620" }, { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#547300" }, { "date": "2011-03-08T00:00:00", "db": "VULHUB", "id": "VHN-20515" }, { "date": "2006-11-30T20:25:00", "db": "BID", "id": "21335" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-001152" }, { "date": "2006-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200611-503" }, { "date": "2011-03-08T02:40:52.703000", "db": "NVD", "id": "CVE-2006-4407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL SSLv2 client code fails to properly check for NULL", "sources": [ { "db": "CERT/CC", "id": "VU#386964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200611-503" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.