cvelistv5 - cve-2006-1836

cve-2006-1836

Vulnerability from cvelistv5

Published

2006-04-19 16:00

Modified

2024-08-07 17:27

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19682	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/100
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html	Patch
cve@mitre.org	http://securitytracker.com/id?1015953
cve@mitre.org	http://www.securityfocus.com/archive/1/431318/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17571
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1386
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25839
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19682	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/100
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015953
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431318/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17571
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1386
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25839

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:27:29.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/100"
          },
          {
            "name": "17571",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17571"
          },
          {
            "name": "ADV-2006-1386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1386"
          },
          {
            "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
          },
          {
            "name": "1015953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015953"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
          },
          {
            "name": "19682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19682"
          },
          {
            "name": "liveupdate-exepath-env-privilege-escalation(25839)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/100"
        },
        {
          "name": "17571",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17571"
        },
        {
          "name": "ADV-2006-1386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1386"
        },
        {
          "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
        },
        {
          "name": "1015953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015953"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
        },
        {
          "name": "19682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19682"
        },
        {
          "name": "liveupdate-exepath-env-privilege-escalation(25839)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "17571",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "ADV-2006-1386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            },
            {
              "name": "1015953",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
              "refsource": "CONFIRM",
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "19682",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1836",
    "datePublished": "2006-04-19T16:00:00",
    "dateReserved": "2006-04-19T00:00:00",
    "dateUpdated": "2024-08-07T17:27:29.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"05EE17B2-8E91-4413-A35A-183C3000B6A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"B3F2C272-73E6-4D07-A72D-145A6BF1818C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"50D20D8E-A7D7-4DD6-9918-2E609A7D7620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"749C0B32-9669-4CD6-8615-BCD76C768532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"E72D8D65-340C-4505-AA80-F9E7870513EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"242D33E8-1B6B-4562-9F2A-1B34E3B7BC71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"252ACD1B-323F-4139-880D-89D600F29986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"B2D0922A-3EA3-4BC9-9311-9DCA57338CBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"7225A578-8F62-42BD-99AC-D3385478613A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"FF0903BD-3E78-4024-A773-16100F519B46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"1B390577-F1F1-4821-90FB-967E749F7CCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"44073E2A-A8AB-4D1A-BCFC-8439E40E97E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"D2259605-B720-42B0-8476-6CAE07C7B143\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"9CC3459D-1F86-48A4-9DC2-0E542AEAC97D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"608F8ECE-F8A9-4659-9ED7-79ADD61E5099\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"F648A08A-24EF-45A5-B7FD-00CAD5892061\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"DCB3EF92-1CEA-4E57-94E7-0C596998F4CF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.\"}]",
      "id": "CVE-2006-1836",
      "lastModified": "2024-11-21T00:09:52.760",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.8, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-04-19T16:06:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19682\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/100\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://securitytracker.com/id?1015953\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431318/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17571\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1386\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19682\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://securitytracker.com/id?1015953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431318/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17571\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1386\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1836\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-19T16:06:00.000\",\"lastModified\":\"2024-11-21T00:09:52.760\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"05EE17B2-8E91-4413-A35A-183C3000B6A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"B3F2C272-73E6-4D07-A72D-145A6BF1818C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"50D20D8E-A7D7-4DD6-9918-2E609A7D7620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"749C0B32-9669-4CD6-8615-BCD76C768532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"E72D8D65-340C-4505-AA80-F9E7870513EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"242D33E8-1B6B-4562-9F2A-1B34E3B7BC71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"252ACD1B-323F-4139-880D-89D600F29986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"B2D0922A-3EA3-4BC9-9311-9DCA57338CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"7225A578-8F62-42BD-99AC-D3385478613A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"FF0903BD-3E78-4024-A773-16100F519B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"1B390577-F1F1-4821-90FB-967E749F7CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"44073E2A-A8AB-4D1A-BCFC-8439E40E97E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"D2259605-B720-42B0-8476-6CAE07C7B143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"9CC3459D-1F86-48A4-9DC2-0E542AEAC97D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"608F8ECE-F8A9-4659-9ED7-79ADD61E5099\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"F648A08A-24EF-45A5-B7FD-00CAD5892061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"DCB3EF92-1CEA-4E57-94E7-0C596998F4CF\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19682\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/100\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1015953\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431318/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17571\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1386\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1015953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431318/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. Symantec LiveUpdate for Macintosh is prone to a local privilege-escalation vulnerability. This issue is due to the application's failure to properly use the PATH environment variable in some of its components. A successful exploit allows local attackers to gain superuser privileges, leading to a complete compromise of the affected computer.

TITLE: Symantec LiveUpdate for Machintosh Privilege Escalation

SECUNIA ADVISORY ID: SA19682

VERIFY ADVISORY: http://secunia.com/advisories/19682/

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system

SOFTWARE: Symantec Norton Utilities for Macintosh 8.x http://secunia.com/product/5953/ Symantec Norton SystemWorks for Macintosh 3.x http://secunia.com/product/5952/ Symantec Norton Personal Firewall for Macintosh 3.x http://secunia.com/product/5950/ Symantec Norton Internet Security for Macintosh 3.x http://secunia.com/product/5951/ Symantec Norton AntiVirus for Macintosh 9.x http://secunia.com/product/5948/ Symantec Norton AntiVirus for Macintosh 10.x http://secunia.com/product/5949/ Symantec LiveUpdate for Macintosh 3.x http://secunia.com/product/5954/

DESCRIPTION: A vulnerability has been reported in Symantec LiveUpdate for Machintosh, which can be exploited by malicious, local users to gain escalated privileges.

SOLUTION: Apply latest LiveUpdate patch.

PROVIDED AND/OR DISCOVERED BY: The vendor credits DigitalMunition.com.

ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200604-0363",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton personal firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton personal firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.9.1"
      },
      {
        "model": "norton utilities",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.2"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.3"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.0.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.0"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.5"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.1"
      },
      {
        "model": "norton utilities for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "norton system works for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton personal firewall for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "norton personal firewall for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton internet security for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.9.1"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.0"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.0"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.5"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.3"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.1"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DigitalMunition.com is credited with the discovery of this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-1836",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "VHN-17944",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-1836",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200604-296",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-17944",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. Symantec LiveUpdate for Macintosh is prone to a local privilege-escalation vulnerability. This issue is due to the application\u0027s failure to properly use the PATH environment variable in some of its components. \nA successful exploit allows local attackers to gain superuser privileges, leading to a complete compromise of the affected computer. \n\nTITLE:\nSymantec LiveUpdate for Machintosh Privilege Escalation\n\nSECUNIA ADVISORY ID:\nSA19682\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19682/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nSymantec Norton Utilities for Macintosh 8.x\nhttp://secunia.com/product/5953/\nSymantec Norton SystemWorks for Macintosh 3.x\nhttp://secunia.com/product/5952/\nSymantec Norton Personal Firewall for Macintosh 3.x\nhttp://secunia.com/product/5950/\nSymantec Norton Internet Security for Macintosh 3.x\nhttp://secunia.com/product/5951/\nSymantec Norton AntiVirus for Macintosh 9.x\nhttp://secunia.com/product/5948/\nSymantec Norton AntiVirus for Macintosh 10.x\nhttp://secunia.com/product/5949/\nSymantec LiveUpdate for Macintosh 3.x\nhttp://secunia.com/product/5954/\n\nDESCRIPTION:\nA vulnerability has been reported in Symantec LiveUpdate for\nMachintosh, which can be exploited by malicious, local users to gain\nescalated privileges. \n\nSOLUTION:\nApply latest LiveUpdate patch. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits DigitalMunition.com. \n\nORIGINAL ADVISORY:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17571",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "19682",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "100",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1386",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015953",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060418 [SYMANTEC SECURITY ADVISORY] LIVEUPDATE FOR MACINTOSH LOCAL PRIVILEGE ESCALATION",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "25839",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-17944",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "45507",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "id": "VAR-200604-0363",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:53:29.709000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2006.04.17b.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17571"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015953"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/19682"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/100"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1386"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/431318/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1386"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/25839"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/avcenter/security/content/2006.04.17b.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5953/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5950/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5951/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5954/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5952/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19682/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5949/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5948/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "date": "2006-04-17T00:00:00",
        "db": "BID",
        "id": "17571"
      },
      {
        "date": "2006-04-19T19:19:57",
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "date": "2006-04-19T16:06:00",
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "date": "2006-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "date": "2007-06-27T19:08:00",
        "db": "BID",
        "id": "17571"
      },
      {
        "date": "2018-10-18T16:36:44.410000",
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec LiveUpdate for Macintosh Local privilege elevation vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 0.9
  }
}

gsd-2006-1836

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-1836

Aliases

CVE-2006-1836

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1836",
    "description": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.",
    "id": "GSD-2006-1836"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1836"
      ],
      "details": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.",
      "id": "GSD-2006-1836",
      "modified": "2023-12-13T01:19:55.238614Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-1836",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/100"
          },
          {
            "name": "17571",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17571"
          },
          {
            "name": "ADV-2006-1386",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1386"
          },
          {
            "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
          },
          {
            "name": "1015953",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015953"
          },
          {
            "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
            "refsource": "CONFIRM",
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
          },
          {
            "name": "19682",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19682"
          },
          {
            "name": "liveupdate-exepath-env-privilege-escalation(25839)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1836"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "17571",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "19682",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "1015953",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "name": "100",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "ADV-2006-1386",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:36Z",
      "publishedDate": "2006-04-19T16:06Z"
    }
  }
}

ghsa-q73f-wrp7-jcr3

Vulnerability from github

Published

2022-05-01 06:53

Modified

2022-05-01 06:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1836"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-19T16:06:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.",
  "id": "GHSA-q73f-wrp7-jcr3",
  "modified": "2022-05-01T06:53:17Z",
  "published": "2022-05-01T06:53:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1836"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19682"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/100"
    },
    {
      "type": "WEB",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015953"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17571"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2006-1836

Vulnerability from fkie_nvd

Published

2006-04-19 16:06

Modified

2024-11-21 00:09

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19682	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/100
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html	Patch
cve@mitre.org	http://securitytracker.com/id?1015953
cve@mitre.org	http://www.securityfocus.com/archive/1/431318/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17571
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1386
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25839
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19682	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/100
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015953
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431318/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17571
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1386
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25839

Impacted products

Vendor	Product	Version
symantec	liveupdate	3.0
symantec	liveupdate	3.0.1
symantec	liveupdate	3.0.2
symantec	liveupdate	3.0.3
symantec	liveupdate	3.5
symantec	norton_antivirus	9.0.0
symantec	norton_antivirus	9.0.1
symantec	norton_antivirus	9.0.2
symantec	norton_antivirus	9.0.3
symantec	norton_antivirus	10.0
symantec	norton_antivirus	10.0.0
symantec	norton_antivirus	10.0.1
symantec	norton_antivirus	10.9.1
symantec	norton_internet_security	3.0
symantec	norton_personal_firewall	3.0
symantec	norton_personal_firewall	3.1
symantec	norton_system_works	3.0
symantec	norton_utilities	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "05EE17B2-8E91-4413-A35A-183C3000B6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "B3F2C272-73E6-4D07-A72D-145A6BF1818C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "50D20D8E-A7D7-4DD6-9918-2E609A7D7620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "749C0B32-9669-4CD6-8615-BCD76C768532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "E72D8D65-340C-4505-AA80-F9E7870513EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "FF0903BD-3E78-4024-A773-16100F519B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "1B390577-F1F1-4821-90FB-967E749F7CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "44073E2A-A8AB-4D1A-BCFC-8439E40E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "9CC3459D-1F86-48A4-9DC2-0E542AEAC97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "608F8ECE-F8A9-4659-9ED7-79ADD61E5099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "F648A08A-24EF-45A5-B7FD-00CAD5892061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "DCB3EF92-1CEA-4E57-94E7-0C596998F4CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
    }
  ],
  "id": "CVE-2006-1836",
  "lastModified": "2024-11-21T00:09:52.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-19T16:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19682"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/100"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015953"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17571"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1386"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-1836

Vulnerability from cvelistv5

var-200604-0363

Vulnerability from variot

gsd-2006-1836

Vulnerability from gsd

ghsa-q73f-wrp7-jcr3

Vulnerability from github

cve-2006-1836

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature