cvelistv5 - cve-2006-1836

CVE-2006-1836 (GCVE-0-2006-1836)

Vulnerability from cvelistv5 – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/100	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/17571	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2006/1386	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/431318/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1015953	vdb-entryx_refsource_SECTRACK
	http://securityresponse.symantec.com/avcenter/sec…	x_refsource_CONFIRM
	http://secunia.com/advisories/19682	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:27:29.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/100"
          },
          {
            "name": "17571",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17571"
          },
          {
            "name": "ADV-2006-1386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1386"
          },
          {
            "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
          },
          {
            "name": "1015953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015953"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
          },
          {
            "name": "19682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19682"
          },
          {
            "name": "liveupdate-exepath-env-privilege-escalation(25839)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/100"
        },
        {
          "name": "17571",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17571"
        },
        {
          "name": "ADV-2006-1386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1386"
        },
        {
          "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
        },
        {
          "name": "1015953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015953"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
        },
        {
          "name": "19682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19682"
        },
        {
          "name": "liveupdate-exepath-env-privilege-escalation(25839)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "17571",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "ADV-2006-1386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            },
            {
              "name": "1015953",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
              "refsource": "CONFIRM",
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "19682",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1836",
    "datePublished": "2006-04-19T16:00:00",
    "dateReserved": "2006-04-19T00:00:00",
    "dateUpdated": "2024-08-07T17:27:29.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"05EE17B2-8E91-4413-A35A-183C3000B6A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"B3F2C272-73E6-4D07-A72D-145A6BF1818C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"50D20D8E-A7D7-4DD6-9918-2E609A7D7620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"749C0B32-9669-4CD6-8615-BCD76C768532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"E72D8D65-340C-4505-AA80-F9E7870513EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"242D33E8-1B6B-4562-9F2A-1B34E3B7BC71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"252ACD1B-323F-4139-880D-89D600F29986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"B2D0922A-3EA3-4BC9-9311-9DCA57338CBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"7225A578-8F62-42BD-99AC-D3385478613A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"FF0903BD-3E78-4024-A773-16100F519B46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"1B390577-F1F1-4821-90FB-967E749F7CCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"44073E2A-A8AB-4D1A-BCFC-8439E40E97E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"D2259605-B720-42B0-8476-6CAE07C7B143\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"9CC3459D-1F86-48A4-9DC2-0E542AEAC97D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"608F8ECE-F8A9-4659-9ED7-79ADD61E5099\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"F648A08A-24EF-45A5-B7FD-00CAD5892061\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*\", \"matchCriteriaId\": \"DCB3EF92-1CEA-4E57-94E7-0C596998F4CF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.\"}]",
      "id": "CVE-2006-1836",
      "lastModified": "2024-11-21T00:09:52.760",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.8, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-04-19T16:06:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19682\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/100\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://securitytracker.com/id?1015953\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431318/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17571\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1386\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19682\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://securitytracker.com/id?1015953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431318/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17571\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1386\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1836\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-19T16:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"05EE17B2-8E91-4413-A35A-183C3000B6A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"B3F2C272-73E6-4D07-A72D-145A6BF1818C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"50D20D8E-A7D7-4DD6-9918-2E609A7D7620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"749C0B32-9669-4CD6-8615-BCD76C768532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"E72D8D65-340C-4505-AA80-F9E7870513EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"242D33E8-1B6B-4562-9F2A-1B34E3B7BC71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"252ACD1B-323F-4139-880D-89D600F29986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"B2D0922A-3EA3-4BC9-9311-9DCA57338CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"7225A578-8F62-42BD-99AC-D3385478613A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"FF0903BD-3E78-4024-A773-16100F519B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"1B390577-F1F1-4821-90FB-967E749F7CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"44073E2A-A8AB-4D1A-BCFC-8439E40E97E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"D2259605-B720-42B0-8476-6CAE07C7B143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"9CC3459D-1F86-48A4-9DC2-0E542AEAC97D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"608F8ECE-F8A9-4659-9ED7-79ADD61E5099\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"F648A08A-24EF-45A5-B7FD-00CAD5892061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*\",\"matchCriteriaId\":\"DCB3EF92-1CEA-4E57-94E7-0C596998F4CF\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19682\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/100\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1015953\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431318/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17571\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1386\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://securitytracker.com/id?1015953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431318/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200604-0363

Vulnerability from variot - Updated: 2023-12-18 12:53

Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. Symantec LiveUpdate for Macintosh is prone to a local privilege-escalation vulnerability. This issue is due to the application's failure to properly use the PATH environment variable in some of its components. A successful exploit allows local attackers to gain superuser privileges, leading to a complete compromise of the affected computer.

TITLE: Symantec LiveUpdate for Machintosh Privilege Escalation

SECUNIA ADVISORY ID: SA19682

VERIFY ADVISORY: http://secunia.com/advisories/19682/

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system

SOFTWARE: Symantec Norton Utilities for Macintosh 8.x http://secunia.com/product/5953/ Symantec Norton SystemWorks for Macintosh 3.x http://secunia.com/product/5952/ Symantec Norton Personal Firewall for Macintosh 3.x http://secunia.com/product/5950/ Symantec Norton Internet Security for Macintosh 3.x http://secunia.com/product/5951/ Symantec Norton AntiVirus for Macintosh 9.x http://secunia.com/product/5948/ Symantec Norton AntiVirus for Macintosh 10.x http://secunia.com/product/5949/ Symantec LiveUpdate for Macintosh 3.x http://secunia.com/product/5954/

DESCRIPTION: A vulnerability has been reported in Symantec LiveUpdate for Machintosh, which can be exploited by malicious, local users to gain escalated privileges.

SOLUTION: Apply latest LiveUpdate patch.

PROVIDED AND/OR DISCOVERED BY: The vendor credits DigitalMunition.com.

ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200604-0363",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton personal firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton personal firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.9.1"
      },
      {
        "model": "norton utilities",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.2"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.3"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "9.0.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "10.0.0"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.5"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.1"
      },
      {
        "model": "norton utilities for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "norton system works for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton personal firewall for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "norton personal firewall for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton internet security for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.9.1"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.1"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.0"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.3"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "norton antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.0"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.5"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.3"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.1"
      },
      {
        "model": "liveupdate for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "antivirus for macintosh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DigitalMunition.com is credited with the discovery of this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-1836",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "VHN-17944",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-1836",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200604-296",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-17944",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. Symantec LiveUpdate for Macintosh is prone to a local privilege-escalation vulnerability. This issue is due to the application\u0027s failure to properly use the PATH environment variable in some of its components. \nA successful exploit allows local attackers to gain superuser privileges, leading to a complete compromise of the affected computer. \n\nTITLE:\nSymantec LiveUpdate for Machintosh Privilege Escalation\n\nSECUNIA ADVISORY ID:\nSA19682\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19682/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nSymantec Norton Utilities for Macintosh 8.x\nhttp://secunia.com/product/5953/\nSymantec Norton SystemWorks for Macintosh 3.x\nhttp://secunia.com/product/5952/\nSymantec Norton Personal Firewall for Macintosh 3.x\nhttp://secunia.com/product/5950/\nSymantec Norton Internet Security for Macintosh 3.x\nhttp://secunia.com/product/5951/\nSymantec Norton AntiVirus for Macintosh 9.x\nhttp://secunia.com/product/5948/\nSymantec Norton AntiVirus for Macintosh 10.x\nhttp://secunia.com/product/5949/\nSymantec LiveUpdate for Macintosh 3.x\nhttp://secunia.com/product/5954/\n\nDESCRIPTION:\nA vulnerability has been reported in Symantec LiveUpdate for\nMachintosh, which can be exploited by malicious, local users to gain\nescalated privileges. \n\nSOLUTION:\nApply latest LiveUpdate patch. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits DigitalMunition.com. \n\nORIGINAL ADVISORY:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17571",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "19682",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "100",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1386",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015953",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060418 [SYMANTEC SECURITY ADVISORY] LIVEUPDATE FOR MACINTOSH LOCAL PRIVILEGE ESCALATION",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "25839",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-17944",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "45507",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "id": "VAR-200604-0363",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:53:29.709000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2006.04.17b.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17571"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015953"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/19682"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/100"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1386"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/431318/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1386"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/25839"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/avcenter/security/content/2006.04.17b.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5953/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5950/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5951/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5954/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5952/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19682/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5949/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5948/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "date": "2006-04-17T00:00:00",
        "db": "BID",
        "id": "17571"
      },
      {
        "date": "2006-04-19T19:19:57",
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "date": "2006-04-19T16:06:00",
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "date": "2006-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17944"
      },
      {
        "date": "2007-06-27T19:08:00",
        "db": "BID",
        "id": "17571"
      },
      {
        "date": "2018-10-18T16:36:44.410000",
        "db": "NVD",
        "id": "CVE-2006-1836"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "PACKETSTORM",
        "id": "45507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec LiveUpdate for Macintosh Local privilege elevation vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "17571"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-296"
      }
    ],
    "trust": 0.9
  }
}

GSD-2006-1836

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-1836

Aliases

CVE-2006-1836

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1836",
    "description": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.",
    "id": "GSD-2006-1836"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1836"
      ],
      "details": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.",
      "id": "GSD-2006-1836",
      "modified": "2023-12-13T01:19:55.238614Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-1836",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "100",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/100"
          },
          {
            "name": "17571",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17571"
          },
          {
            "name": "ADV-2006-1386",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1386"
          },
          {
            "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
          },
          {
            "name": "1015953",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015953"
          },
          {
            "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
            "refsource": "CONFIRM",
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
          },
          {
            "name": "19682",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19682"
          },
          {
            "name": "liveupdate-exepath-env-privilege-escalation(25839)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1836"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "17571",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "19682",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "1015953",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "name": "100",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "ADV-2006-1386",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:36Z",
      "publishedDate": "2006-04-19T16:06Z"
    }
  }
}

FKIE_CVE-2006-1836

Vulnerability from fkie_nvd - Published: 2006-04-19 16:06 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19682	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/100
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html	Patch
cve@mitre.org	http://securitytracker.com/id?1015953
cve@mitre.org	http://www.securityfocus.com/archive/1/431318/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17571
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1386
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25839
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19682	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/100
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015953
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431318/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17571
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1386
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25839

Impacted products

Vendor	Product	Version
symantec	liveupdate	3.0
symantec	liveupdate	3.0.1
symantec	liveupdate	3.0.2
symantec	liveupdate	3.0.3
symantec	liveupdate	3.5
symantec	norton_antivirus	9.0.0
symantec	norton_antivirus	9.0.1
symantec	norton_antivirus	9.0.2
symantec	norton_antivirus	9.0.3
symantec	norton_antivirus	10.0
symantec	norton_antivirus	10.0.0
symantec	norton_antivirus	10.0.1
symantec	norton_antivirus	10.9.1
symantec	norton_internet_security	3.0
symantec	norton_personal_firewall	3.0
symantec	norton_personal_firewall	3.1
symantec	norton_system_works	3.0
symantec	norton_utilities	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "05EE17B2-8E91-4413-A35A-183C3000B6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "B3F2C272-73E6-4D07-A72D-145A6BF1818C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "50D20D8E-A7D7-4DD6-9918-2E609A7D7620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "749C0B32-9669-4CD6-8615-BCD76C768532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "E72D8D65-340C-4505-AA80-F9E7870513EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "FF0903BD-3E78-4024-A773-16100F519B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "1B390577-F1F1-4821-90FB-967E749F7CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "44073E2A-A8AB-4D1A-BCFC-8439E40E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "9CC3459D-1F86-48A4-9DC2-0E542AEAC97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "608F8ECE-F8A9-4659-9ED7-79ADD61E5099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "F648A08A-24EF-45A5-B7FD-00CAD5892061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
              "matchCriteriaId": "DCB3EF92-1CEA-4E57-94E7-0C596998F4CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
    }
  ],
  "id": "CVE-2006-1836",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-19T16:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19682"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/100"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015953"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17571"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1386"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-Q73F-WRP7-JCR3

Vulnerability from github – Published: 2022-05-01 06:53 – Updated: 2022-05-01 06:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1836"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-19T16:06:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.",
  "id": "GHSA-q73f-wrp7-jcr3",
  "modified": "2022-05-01T06:53:17Z",
  "published": "2022-05-01T06:53:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1836"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19682"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/100"
    },
    {
      "type": "WEB",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015953"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17571"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1836 (GCVE-0-2006-1836)

VAR-200604-0363

GSD-2006-1836

FKIE_CVE-2006-1836

GHSA-Q73F-WRP7-JCR3

Tags

Sightings

Nomenclature