cvelistv5 - cve-2006-4392

CVE-2006-4392 (GCVE-0-2006-4392)

Vulnerability from cvelistv5 – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/20271	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1016954	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/22187	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3852	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/archive/1/447396/100…	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/838404	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/29269	vdb-entryx_refsource_OSVDB
	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	third-party-advisoryx_refsource_CERT
	http://securityreason.com/securityalert/1663	third-party-advisoryx_refsource_SREASON
	http://www.matasano.com/log/530/matasano-advisory…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20271",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20271"
          },
          {
            "name": "1016954",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016954"
          },
          {
            "name": "22187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22187"
          },
          {
            "name": "ADV-2006-3852",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3852"
          },
          {
            "name": "APPLE-SA-2006-09-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
          },
          {
            "name": "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
          },
          {
            "name": "VU#838404",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/838404"
          },
          {
            "name": "29269",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29269"
          },
          {
            "name": "TA06-275A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
          },
          {
            "name": "1663",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1663"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
          },
          {
            "name": "macos-kernel-code-execution(29281)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20271",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20271"
        },
        {
          "name": "1016954",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016954"
        },
        {
          "name": "22187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22187"
        },
        {
          "name": "ADV-2006-3852",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3852"
        },
        {
          "name": "APPLE-SA-2006-09-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
        },
        {
          "name": "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
        },
        {
          "name": "VU#838404",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/838404"
        },
        {
          "name": "29269",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29269"
        },
        {
          "name": "TA06-275A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
        },
        {
          "name": "1663",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1663"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
        },
        {
          "name": "macos-kernel-code-execution(29281)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20271",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20271"
            },
            {
              "name": "1016954",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016954"
            },
            {
              "name": "22187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22187"
            },
            {
              "name": "ADV-2006-3852",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3852"
            },
            {
              "name": "APPLE-SA-2006-09-29",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
            },
            {
              "name": "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
            },
            {
              "name": "VU#838404",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/838404"
            },
            {
              "name": "29269",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29269"
            },
            {
              "name": "TA06-275A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
            },
            {
              "name": "1663",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1663"
            },
            {
              "name": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/",
              "refsource": "MISC",
              "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
            },
            {
              "name": "macos-kernel-code-execution(29281)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4392",
    "datePublished": "2006-10-02T20:00:00",
    "dateReserved": "2006-08-28T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0760FDDB-38D3-4263-9B4D-1AF5E613A4F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFD4DE58-46C7-4E69-BF36-C5FD768B8248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF824694-52DE-44E3-ACAD-60B2A84CD3CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B73A0891-A37A-4E0D-AA73-B18BFD6B1447\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C580935-0091-4163-B747-750FB7686973\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB0F2132-8431-4CEF-9A3D-A69425E3834E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8719F3C4-F1DE-49B5-9301-22414A2B6F9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:next:openstep:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"279D9F9B-8C9C-4FF5-B587-F8A362DB79DE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function.\"}, {\"lang\": \"es\", \"value\": \"El n\\u00facleo Mach, usado en sistemas operativos que incluyen (1) Mac OS X 10.4 hata 10.4.7 y (2) OpenStep anterior a 4.2, permite a usuarios locales escalar privilegios mediante un proceso padre que fuerza una excepci\\u00f3n en un hijo con setuid activado y usa puertos de excepci\\u00f3n de Mach para modificar el contexto de hilo y el espacio de dierccionamiento de tarea del hijo de forma que provoca que el hijo llame a una funci\\u00f3n controlada por el padre.\"}]",
      "id": "CVE-2006-4392",
      "lastModified": "2024-11-21T00:15:50.820",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-10-03T04:02:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/22187\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1663\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016954\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/838404\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/29269\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447396/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20271\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-275A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3852\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29281\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/22187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1663\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016954\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/838404\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/29269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447396/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-275A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3852\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4392\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-03T04:02:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function.\"},{\"lang\":\"es\",\"value\":\"El n\u00facleo Mach, usado en sistemas operativos que incluyen (1) Mac OS X 10.4 hata 10.4.7 y (2) OpenStep anterior a 4.2, permite a usuarios locales escalar privilegios mediante un proceso padre que fuerza una excepci\u00f3n en un hijo con setuid activado y usa puertos de excepci\u00f3n de Mach para modificar el contexto de hilo y el espacio de dierccionamiento de tarea del hijo de forma que provoca que el hijo llame a una funci\u00f3n controlada por el padre.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0760FDDB-38D3-4263-9B4D-1AF5E613A4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD4DE58-46C7-4E69-BF36-C5FD768B8248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF824694-52DE-44E3-ACAD-60B2A84CD3CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B73A0891-A37A-4E0D-AA73-B18BFD6B1447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C580935-0091-4163-B747-750FB7686973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB0F2132-8431-4CEF-9A3D-A69425E3834E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8719F3C4-F1DE-49B5-9301-22414A2B6F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:next:openstep:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"279D9F9B-8C9C-4FF5-B587-F8A362DB79DE\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/22187\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1663\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016954\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/838404\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/29269\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447396/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20271\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-275A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3852\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29281\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/22187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/838404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/29269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447396/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-275A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-4392

Vulnerability from fkie_nvd - Published: 2006-10-03 04:02 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html	Patch
cve@mitre.org	http://secunia.com/advisories/22187	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/1663
cve@mitre.org	http://securitytracker.com/id?1016954
cve@mitre.org	http://www.kb.cert.org/vuls/id/838404	US Government Resource
cve@mitre.org	http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/29269
cve@mitre.org	http://www.securityfocus.com/archive/1/447396/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20271	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3852
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29281
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22187	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1663
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016954
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/838404	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/29269
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447396/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20271	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-275A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3852
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29281

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.4
apple	mac_os_x	10.4.1
apple	mac_os_x	10.4.2
apple	mac_os_x	10.4.3
apple	mac_os_x	10.4.4
apple	mac_os_x	10.4.5
apple	mac_os_x	10.4.6
apple	mac_os_x	10.4.7
next	openstep	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:next:openstep:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "279D9F9B-8C9C-4FF5-B587-F8A362DB79DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function."
    },
    {
      "lang": "es",
      "value": "El n\u00facleo Mach, usado en sistemas operativos que incluyen (1) Mac OS X 10.4 hata 10.4.7 y (2) OpenStep anterior a 4.2, permite a usuarios locales escalar privilegios mediante un proceso padre que fuerza una excepci\u00f3n en un hijo con setuid activado y usa puertos de excepci\u00f3n de Mach para modificar el contexto de hilo y el espacio de dierccionamiento de tarea del hijo de forma que provoca que el hijo llame a una funci\u00f3n controlada por el padre."
    }
  ],
  "id": "CVE-2006-4392",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-03T04:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016954"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/838404"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29269"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20271"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/838404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-416

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système, telles que Adobe Flash Player, Safari ou QuickDraw. L'exploitation de ces vulnérabilités peut permettre à une personne malveillante d'élever ses privilèges localement, voire d'exécuter des commandes arbitraires à distance.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système. Parmi celles-ci :

une vulnérabilité dans CFNetwork, une interface de programmation permettant l'abstraction de certaines fonctionnalités des couches réseau : elle ne manipulerait pas correctement les authentifications SSL. Tout client s'appuyant sur elle, comme le navigateur Safari, pourrait donc montrer une connexion SSL authentifiée et chiffrée (icône cadenas dans la fenêtre du navigateur), bien que l'authentification ne soit pas effectuée.
plusieurs vulnérabilités dans l'application Adobe Flash Player, aussi commentées dans l'avis du CERTA CERTA-2006-AVI-398 : celle-ci ne manipulerait pas convenablement certains fichiers multimedia au format .swf, permettant à un document spécialement construit de contourner le paramètre de sécurité nommé allowScriptAccess de l'application vulnérable.
une vulnérabilité dans l'application ImageIO : elle n'interprèterait pas correctement certaines images JPEG2000. Une personne malveillant pourrait construire un document particulier exploitant cette vulnérabilité, afin d'exécuter du code arbitraire lorsque l'image est visualisée sur le système vulnérable.
une vulnérabilité dans la manipulation des erreurs par le noyau de Mac OS X : quand une erreur survient (fermer une application brutalement par exemple), le noyau fait appel à des ports d'exception Mach. Une personne malveillante pourrait profiter des droits accordés à ces derniers pour élever ses privilèges à ceux de l'administrateur (root).
plusieurs vulnérabilités dans l'application LoginWindow : cette application gère notamment les services autorisés aux utilisateurs qui se connecteraient à distance sur le système. Il serait possible pour une personne malveillante de contourner la politique de contrôle d'accès spécifiée dans le système.
une vulnérabilité dans le service Préferences, servant à configurer le système d'exploitation : les privilèges ne seraient pas correctement nettoyés à la suppression d'un compte administrateur.
une vulnérabilité non documentée concernant la manipulation d'images PICT par l'application QuickDraw Manager.
une vulnérabilité dans le service de messagerie Cyrus SASL, au cours de la négaociation DIGEST-MD5 : une personne malveillante pourrait construire un paquet particulier, perturbant le système vulnérable qui le recevrait.
une vulnérabilité de l'utilitaire WebCore : celui-ci est un moteur de rendu HTML pour le système d'exploitation Mac OS X. C'est un des composants primaires repris dans l'utilitaire WebKit. Il ne manipulerait pas correctement certains documents au format HTML, permettant à un utilisateur d'exécuter du code sur le système qui ouvrirait son document construit de manière malveillante.
une vulnérabilité dans le service d'administration Workgroup Manager, qui n'utiliserait pas correctement les mots de passe ShadowHash avec la hiérarchie des domaines de NetInfo.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.4, pour les versions antérieures à 10.4.8.
Apple	N/A	Apple Mac OS X Server version 10.3.9 ;
Apple	N/A	Apple Mac OS X v10.4 , pour les versions antérieures à 10.4.8 ;
Apple	N/A	Apple Mac OS X version 10.3.9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2006-006 du 29 septembre 2006	None	vendor-advisory
Bulletin de sécurité Apple du 29 septembre 2006 :	-	other
Avis du CERTA CERTA-2006-AVI-398, 'Vulnérabilités dans Adobe Flash Player', du 14 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.4, pour les versions ant\u00e9rieures \u00e0 10.4.8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server version 10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4 , pour les versions ant\u00e9rieures \u00e0 10.4.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version 10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X, ainsi que certaines applications\nassoci\u00e9es \u00e0 ce syst\u00e8me. Parmi celles-ci :\n\n-   une vuln\u00e9rabilit\u00e9 dans CFNetwork, une interface de programmation\n    permettant l\u0027abstraction de certaines fonctionnalit\u00e9s des couches\n    r\u00e9seau : elle ne manipulerait pas correctement les authentifications\n    SSL. Tout client s\u0027appuyant sur elle, comme le navigateur Safari,\n    pourrait donc montrer une connexion SSL authentifi\u00e9e et chiffr\u00e9e\n    (ic\u00f4ne cadenas dans la fen\u00eatre du navigateur), bien que\n    l\u0027authentification ne soit pas effectu\u00e9e.\n-   plusieurs vuln\u00e9rabilit\u00e9s dans l\u0027application Adobe Flash Player,\n    aussi comment\u00e9es dans l\u0027avis du CERTA CERTA-2006-AVI-398 : celle-ci\n    ne manipulerait pas convenablement certains fichiers multimedia au\n    format .swf, permettant \u00e0 un document sp\u00e9cialement construit de\n    contourner le param\u00e8tre de s\u00e9curit\u00e9 nomm\u00e9 allowScriptAccess de\n    l\u0027application vuln\u00e9rable.\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027application ImageIO : elle n\u0027interpr\u00e8terait\n    pas correctement certaines images JPEG2000. Une personne malveillant\n    pourrait construire un document particulier exploitant cette\n    vuln\u00e9rabilit\u00e9, afin d\u0027ex\u00e9cuter du code arbitraire lorsque l\u0027image\n    est visualis\u00e9e sur le syst\u00e8me vuln\u00e9rable.\n-   une vuln\u00e9rabilit\u00e9 dans la manipulation des erreurs par le noyau de\n    Mac OS X : quand une erreur survient (fermer une application\n    brutalement par exemple), le noyau fait appel \u00e0 des ports\n    d\u0027exception Mach. Une personne malveillante pourrait profiter des\n    droits accord\u00e9s \u00e0 ces derniers pour \u00e9lever ses privil\u00e8ges \u00e0 ceux de\n    l\u0027administrateur (root).\n-   plusieurs vuln\u00e9rabilit\u00e9s dans l\u0027application LoginWindow : cette\n    application g\u00e8re notamment les services autoris\u00e9s aux utilisateurs\n    qui se connecteraient \u00e0 distance sur le syst\u00e8me. Il serait possible\n    pour une personne malveillante de contourner la politique de\n    contr\u00f4le d\u0027acc\u00e8s sp\u00e9cifi\u00e9e dans le syst\u00e8me.\n-   une vuln\u00e9rabilit\u00e9 dans le service Pr\u00e9ferences, servant \u00e0 configurer\n    le syst\u00e8me d\u0027exploitation : les privil\u00e8ges ne seraient pas\n    correctement nettoy\u00e9s \u00e0 la suppression d\u0027un compte administrateur.\n-   une vuln\u00e9rabilit\u00e9 non document\u00e9e concernant la manipulation d\u0027images\n    PICT par l\u0027application QuickDraw Manager.\n-   une vuln\u00e9rabilit\u00e9 dans le service de messagerie Cyrus SASL, au cours\n    de la n\u00e9gaociation DIGEST-MD5 : une personne malveillante pourrait\n    construire un paquet particulier, perturbant le syst\u00e8me vuln\u00e9rable\n    qui le recevrait.\n-   une vuln\u00e9rabilit\u00e9 de l\u0027utilitaire WebCore : celui-ci est un moteur\n    de rendu HTML pour le syst\u00e8me d\u0027exploitation Mac OS X. C\u0027est un des\n    composants primaires repris dans l\u0027utilitaire WebKit. Il ne\n    manipulerait pas correctement certains documents au format HTML,\n    permettant \u00e0 un utilisateur d\u0027ex\u00e9cuter du code sur le syst\u00e8me qui\n    ouvrirait son document construit de mani\u00e8re malveillante.\n-   une vuln\u00e9rabilit\u00e9 dans le service d\u0027administration Workgroup\n    Manager, qui n\u0027utiliserait pas correctement les mots de passe\n    ShadowHash avec la hi\u00e9rarchie des domaines de NetInfo.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4395"
    },
    {
      "name": "CVE-2006-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4397"
    },
    {
      "name": "CVE-2006-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4394"
    },
    {
      "name": "CVE-2006-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1721"
    },
    {
      "name": "CVE-2006-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4391"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4390"
    },
    {
      "name": "CVE-2006-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4387"
    },
    {
      "name": "CVE-2006-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4393"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    },
    {
      "name": "CVE-2006-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3946"
    },
    {
      "name": "CVE-2006-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4392"
    },
    {
      "name": "CVE-2006-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4399"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 29 septembre 2006 :",
      "url": "http://docs.info.apple.com/article.html?artnum=304460"
    },
    {
      "title": "Avis du CERTA CERTA-2006-AVI-398, \u0027Vuln\u00e9rabilit\u00e9s dans    Adobe Flash Player\u0027, du 14 septembre 2006 :",
      "url": "http://www.certa/ssi.gouv.fr/site/CERTA-2006-AVI-398/"
    }
  ],
  "reference": "CERTA-2006-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X, ainsi que certaines applications\nassoci\u00e9es \u00e0 ce syst\u00e8me, telles que Adobe Flash Player, Safari ou\nQuickDraw. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante d\u0027\u00e9lever ses privil\u00e8ges localement, voire\nd\u0027ex\u00e9cuter des commandes arbitraires \u00e0 distance.\n",
  "title": "Plusieurs vuln\u00e9rabilit\u00e9s dans Apple Mac OS X et des applications associ\u00e9es",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2006-006 du 29 septembre 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-416

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X, ainsi que certaines applications associées à ce système. Parmi celles-ci :

une vulnérabilité dans CFNetwork, une interface de programmation permettant l'abstraction de certaines fonctionnalités des couches réseau : elle ne manipulerait pas correctement les authentifications SSL. Tout client s'appuyant sur elle, comme le navigateur Safari, pourrait donc montrer une connexion SSL authentifiée et chiffrée (icône cadenas dans la fenêtre du navigateur), bien que l'authentification ne soit pas effectuée.
plusieurs vulnérabilités dans l'application Adobe Flash Player, aussi commentées dans l'avis du CERTA CERTA-2006-AVI-398 : celle-ci ne manipulerait pas convenablement certains fichiers multimedia au format .swf, permettant à un document spécialement construit de contourner le paramètre de sécurité nommé allowScriptAccess de l'application vulnérable.
une vulnérabilité dans l'application ImageIO : elle n'interprèterait pas correctement certaines images JPEG2000. Une personne malveillant pourrait construire un document particulier exploitant cette vulnérabilité, afin d'exécuter du code arbitraire lorsque l'image est visualisée sur le système vulnérable.
une vulnérabilité dans la manipulation des erreurs par le noyau de Mac OS X : quand une erreur survient (fermer une application brutalement par exemple), le noyau fait appel à des ports d'exception Mach. Une personne malveillante pourrait profiter des droits accordés à ces derniers pour élever ses privilèges à ceux de l'administrateur (root).
plusieurs vulnérabilités dans l'application LoginWindow : cette application gère notamment les services autorisés aux utilisateurs qui se connecteraient à distance sur le système. Il serait possible pour une personne malveillante de contourner la politique de contrôle d'accès spécifiée dans le système.
une vulnérabilité dans le service Préferences, servant à configurer le système d'exploitation : les privilèges ne seraient pas correctement nettoyés à la suppression d'un compte administrateur.
une vulnérabilité non documentée concernant la manipulation d'images PICT par l'application QuickDraw Manager.
une vulnérabilité dans le service de messagerie Cyrus SASL, au cours de la négaociation DIGEST-MD5 : une personne malveillante pourrait construire un paquet particulier, perturbant le système vulnérable qui le recevrait.
une vulnérabilité de l'utilitaire WebCore : celui-ci est un moteur de rendu HTML pour le système d'exploitation Mac OS X. C'est un des composants primaires repris dans l'utilitaire WebKit. Il ne manipulerait pas correctement certains documents au format HTML, permettant à un utilisateur d'exécuter du code sur le système qui ouvrirait son document construit de manière malveillante.
une vulnérabilité dans le service d'administration Workgroup Manager, qui n'utiliserait pas correctement les mots de passe ShadowHash avec la hiérarchie des domaines de NetInfo.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.4, pour les versions antérieures à 10.4.8.
Apple	N/A	Apple Mac OS X Server version 10.3.9 ;
Apple	N/A	Apple Mac OS X v10.4 , pour les versions antérieures à 10.4.8 ;
Apple	N/A	Apple Mac OS X version 10.3.9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2006-006 du 29 septembre 2006	None	vendor-advisory
Bulletin de sécurité Apple du 29 septembre 2006 :	-	other
Avis du CERTA CERTA-2006-AVI-398, 'Vulnérabilités dans Adobe Flash Player', du 14 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.4, pour les versions ant\u00e9rieures \u00e0 10.4.8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server version 10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4 , pour les versions ant\u00e9rieures \u00e0 10.4.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version 10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X, ainsi que certaines applications\nassoci\u00e9es \u00e0 ce syst\u00e8me. Parmi celles-ci :\n\n-   une vuln\u00e9rabilit\u00e9 dans CFNetwork, une interface de programmation\n    permettant l\u0027abstraction de certaines fonctionnalit\u00e9s des couches\n    r\u00e9seau : elle ne manipulerait pas correctement les authentifications\n    SSL. Tout client s\u0027appuyant sur elle, comme le navigateur Safari,\n    pourrait donc montrer une connexion SSL authentifi\u00e9e et chiffr\u00e9e\n    (ic\u00f4ne cadenas dans la fen\u00eatre du navigateur), bien que\n    l\u0027authentification ne soit pas effectu\u00e9e.\n-   plusieurs vuln\u00e9rabilit\u00e9s dans l\u0027application Adobe Flash Player,\n    aussi comment\u00e9es dans l\u0027avis du CERTA CERTA-2006-AVI-398 : celle-ci\n    ne manipulerait pas convenablement certains fichiers multimedia au\n    format .swf, permettant \u00e0 un document sp\u00e9cialement construit de\n    contourner le param\u00e8tre de s\u00e9curit\u00e9 nomm\u00e9 allowScriptAccess de\n    l\u0027application vuln\u00e9rable.\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027application ImageIO : elle n\u0027interpr\u00e8terait\n    pas correctement certaines images JPEG2000. Une personne malveillant\n    pourrait construire un document particulier exploitant cette\n    vuln\u00e9rabilit\u00e9, afin d\u0027ex\u00e9cuter du code arbitraire lorsque l\u0027image\n    est visualis\u00e9e sur le syst\u00e8me vuln\u00e9rable.\n-   une vuln\u00e9rabilit\u00e9 dans la manipulation des erreurs par le noyau de\n    Mac OS X : quand une erreur survient (fermer une application\n    brutalement par exemple), le noyau fait appel \u00e0 des ports\n    d\u0027exception Mach. Une personne malveillante pourrait profiter des\n    droits accord\u00e9s \u00e0 ces derniers pour \u00e9lever ses privil\u00e8ges \u00e0 ceux de\n    l\u0027administrateur (root).\n-   plusieurs vuln\u00e9rabilit\u00e9s dans l\u0027application LoginWindow : cette\n    application g\u00e8re notamment les services autoris\u00e9s aux utilisateurs\n    qui se connecteraient \u00e0 distance sur le syst\u00e8me. Il serait possible\n    pour une personne malveillante de contourner la politique de\n    contr\u00f4le d\u0027acc\u00e8s sp\u00e9cifi\u00e9e dans le syst\u00e8me.\n-   une vuln\u00e9rabilit\u00e9 dans le service Pr\u00e9ferences, servant \u00e0 configurer\n    le syst\u00e8me d\u0027exploitation : les privil\u00e8ges ne seraient pas\n    correctement nettoy\u00e9s \u00e0 la suppression d\u0027un compte administrateur.\n-   une vuln\u00e9rabilit\u00e9 non document\u00e9e concernant la manipulation d\u0027images\n    PICT par l\u0027application QuickDraw Manager.\n-   une vuln\u00e9rabilit\u00e9 dans le service de messagerie Cyrus SASL, au cours\n    de la n\u00e9gaociation DIGEST-MD5 : une personne malveillante pourrait\n    construire un paquet particulier, perturbant le syst\u00e8me vuln\u00e9rable\n    qui le recevrait.\n-   une vuln\u00e9rabilit\u00e9 de l\u0027utilitaire WebCore : celui-ci est un moteur\n    de rendu HTML pour le syst\u00e8me d\u0027exploitation Mac OS X. C\u0027est un des\n    composants primaires repris dans l\u0027utilitaire WebKit. Il ne\n    manipulerait pas correctement certains documents au format HTML,\n    permettant \u00e0 un utilisateur d\u0027ex\u00e9cuter du code sur le syst\u00e8me qui\n    ouvrirait son document construit de mani\u00e8re malveillante.\n-   une vuln\u00e9rabilit\u00e9 dans le service d\u0027administration Workgroup\n    Manager, qui n\u0027utiliserait pas correctement les mots de passe\n    ShadowHash avec la hi\u00e9rarchie des domaines de NetInfo.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-4395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4395"
    },
    {
      "name": "CVE-2006-4397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4397"
    },
    {
      "name": "CVE-2006-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4394"
    },
    {
      "name": "CVE-2006-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1721"
    },
    {
      "name": "CVE-2006-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4391"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-4390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4390"
    },
    {
      "name": "CVE-2006-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4387"
    },
    {
      "name": "CVE-2006-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4393"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    },
    {
      "name": "CVE-2006-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3946"
    },
    {
      "name": "CVE-2006-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4392"
    },
    {
      "name": "CVE-2006-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4399"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 29 septembre 2006 :",
      "url": "http://docs.info.apple.com/article.html?artnum=304460"
    },
    {
      "title": "Avis du CERTA CERTA-2006-AVI-398, \u0027Vuln\u00e9rabilit\u00e9s dans    Adobe Flash Player\u0027, du 14 septembre 2006 :",
      "url": "http://www.certa/ssi.gouv.fr/site/CERTA-2006-AVI-398/"
    }
  ],
  "reference": "CERTA-2006-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X, ainsi que certaines applications\nassoci\u00e9es \u00e0 ce syst\u00e8me, telles que Adobe Flash Player, Safari ou\nQuickDraw. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante d\u0027\u00e9lever ses privil\u00e8ges localement, voire\nd\u0027ex\u00e9cuter des commandes arbitraires \u00e0 distance.\n",
  "title": "Plusieurs vuln\u00e9rabilit\u00e9s dans Apple Mac OS X et des applications associ\u00e9es",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2006-006 du 29 septembre 2006",
      "url": null
    }
  ]
}

GHSA-2H8F-C5J4-6PQ8

Vulnerability from github – Published: 2022-05-01 07:18 – Updated: 2025-04-09 03:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4392"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-10-03T04:02:00Z",
    "severity": "HIGH"
  },
  "details": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function.",
  "id": "GHSA-2h8f-c5j4-6pq8",
  "modified": "2025-04-09T03:31:44Z",
  "published": "2022-05-01T07:18:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4392"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22187"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1663"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016954"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/838404"
    },
    {
      "type": "WEB",
      "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/29269"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20271"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200610-0017

Vulnerability from variot - Updated: 2023-12-18 11:00

The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. Apple Mac OS X of Mach A flaw exists in the kernel's error handling mechanism called exception ports, which allows the execution of privileged crafted programs when certain types of errors occur.By executing a program crafted by a third party, arbitrary code may be executed. These issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.

Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11.

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

III. This and other updates are available via Apple Update or via Apple Downloads.

IV. Please send email to cert@cert.org with "TA06-275A Feedback VU#546772" in the subject.

Produced 2006 by US-CERT, a government organization.

http://www.us-cert.gov/legal.html

Revision History

October 02, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg== =nP7Y -----END PGP SIGNATURE----- .

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA22187

VERIFY ADVISORY: http://secunia.com/advisories/22187/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error in the CFNetwork component may allow a malicious SSL site to pose as a trusted SLL site to CFNetwork clients (e.g. Safari).

5) An unchecked error condition in the LoginWindow component may result in Kerberos tickets being accessible to other local users after an unsuccessful attempt to log in.

6) Another error in the LoginWindow component during the handling of "Fast User Switching" may result in Kerberos tickets being accessible to other local users.

8) An error makes it possible for an account to manage WebObjects applications after the "Admin" privileges have been revoked.

9) A memory corruption error in QuickDraw Manager when processing PICT images can potentially be exploited via a specially crafted PICT image to execute arbitrary code.

10) An error in SASL can be exploited by malicious people to cause a DoS (Denial of Service) against the IMAP service.

For more information: SA19618

11) A memory management error in WebKit's handling of certain HTML can be exploited by malicious people to compromise a user's system.

SOLUTION: Update to version 10.4.8 or apply Security Update 2006-006. 3) The vendor credits Tom Saxton, Idle Loop Software Design. 4) The vendor credits Dino Dai Zovi, Matasano Security. 5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. 6) The vendor credits Ragnar Sundblad, Royal Institute of Technology. 8) The vendor credits Phillip Tejada, Fruit Bat Software. 12) The vendor credits Chris Pepper, The Rockefeller University.

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304460

OTHER REFERENCES: SA19618: http://secunia.com/advisories/19618/

SA20971: http://secunia.com/advisories/20971/

SA21271: http://secunia.com/advisories/21271/

SA21865: http://secunia.com/advisories/21865/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. visiting a malicious website.

2) An unspecified error can be exploited to bypass the "allowScriptAccess" option.

3) Unspecified errors exist in the way the ActiveX control is invoked by Microsoft Office products on Windows.

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for reporting one of the vulnerabilities. 2) Reported by the vendor. 3) Reported by the vendor

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200610-0017",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 5.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "openstep",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "next",
        "version": "4.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.7 up to version"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.7 up to version"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "directory pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cosmicperl",
        "version": "10.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.03"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:next:openstep:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Adam Bryzak of Queensland University of Technology, Tom Saxton of Idle Loop Software Design, Dino Dai Zovi of Matasano Security, Patrick Gallagher of Digital Peaks Corporation, Ragnar Sundblad of the Royal Institute of Technology, Stockh",
    "sources": [
      {
        "db": "BID",
        "id": "20271"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4392",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-4392",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-20500",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4392",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#346396",
            "trust": 0.8,
            "value": "0.54"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#897628",
            "trust": 0.8,
            "value": "2.76"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#838404",
            "trust": 0.8,
            "value": "1.38"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#546772",
            "trust": 0.8,
            "value": "11.70"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#451380",
            "trust": 0.8,
            "value": "33.41"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#168372",
            "trust": 0.8,
            "value": "14.29"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200610-002",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20500",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X  handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker  to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. Apple Mac OS X of Mach A flaw exists in the kernel\u0027s error handling mechanism called exception ports, which allows the execution of privileged crafted programs when certain types of errors occur.By executing a program crafted by a third party, arbitrary code may be executed. \nThese issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security\n   restrictions and denial of service. \n\n\nI. \n\n   Further details are available in the individual Vulnerability Notes\n   for Apple Security Update 2006-006. More information on those vulnerabilities can\n   be found in Adobe Security Bulletin APSB06-11 and the Vulnerability\n   Notes for Adobe Security Bulletin APSB06-11. \n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For information about\n   specific impacts, please see the Vulnerability Notes for Apple\n   Security Update 2006-006. Potential consequences include remote\n   execution of arbitrary code or commands, bypass of security\n   restrictions, and denial of service. \n\n\nIII. This and other updates are\n   available via Apple Update or via Apple Downloads. \n\n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-275A Feedback VU#546772\" in the\n subject. \n _________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n   \u003chttp://www.us-cert.gov/legal.html\u003e\n\n _________________________________________________________________\n\n   Revision History\n\n   October 02, 2006: Initial release\n  \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn\nY81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY\nmy6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY\ngOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep\nfEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ\nELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg==\n=nP7Y\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA22187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22187/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Spoofing, Exposure of sensitive information,\nPrivilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error in the CFNetwork component may allow a malicious SSL site\nto pose as a trusted SLL site to CFNetwork clients (e.g. Safari). \n\n5) An unchecked error condition in the LoginWindow component may\nresult in Kerberos tickets being accessible to other local users\nafter an unsuccessful attempt to log in. \n\n6) Another error in the LoginWindow component during the handling of\n\"Fast User Switching\" may result in Kerberos tickets being accessible\nto other local users. \n\n8) An error makes it possible for an account to manage WebObjects\napplications after the \"Admin\" privileges have been revoked. \n\n9) A memory corruption error in QuickDraw Manager when processing\nPICT images can potentially be exploited via a specially crafted PICT\nimage to execute arbitrary code. \n\n10) An error in SASL can be exploited by malicious people to cause a\nDoS (Denial of Service) against the IMAP service. \n\nFor more information:\nSA19618\n\n11) A memory management error in WebKit\u0027s handling of certain HTML\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nSOLUTION:\nUpdate to version 10.4.8 or apply Security Update 2006-006. \n3) The vendor credits Tom Saxton, Idle Loop Software Design. \n4) The vendor credits Dino Dai Zovi, Matasano Security. \n5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. \n6) The vendor credits Ragnar Sundblad, Royal Institute of\nTechnology. \n8) The vendor credits Phillip Tejada, Fruit Bat Software. \n12) The vendor credits Chris Pepper, The Rockefeller University. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=304460\n\nOTHER REFERENCES:\nSA19618:\nhttp://secunia.com/advisories/19618/\n\nSA20971:\nhttp://secunia.com/advisories/20971/\n\nSA21271:\nhttp://secunia.com/advisories/21271/\n\nSA21865:\nhttp://secunia.com/advisories/21865/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. visiting a malicious website. \n\n2) An unspecified error can be exploited to bypass the\n\"allowScriptAccess\" option. \n\n3) Unspecified errors exist in the way the ActiveX control is invoked\nby Microsoft Office products on Windows. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for\nreporting one of the vulnerabilities. \n2) Reported by the vendor. \n3) Reported by the vendor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "db": "PACKETSTORM",
        "id": "50620"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      }
    ],
    "trust": 7.29
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-20500",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "22187",
        "trust": 6.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404",
        "trust": 3.3
      },
      {
        "db": "USCERT",
        "id": "TA06-275A",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4392",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "20271",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "21865",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "1663",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "29269",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016954",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3852",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#847468",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-275A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "29281",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-275A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-09-29",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060929 MATASANO ADVISORY: MACOS X MACH EXCEPTION SERVER PRIVILEGE ESCALATION",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50741",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2463",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2464",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-64045",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-20500",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50620",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50441",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "49912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "db": "PACKETSTORM",
        "id": "50620"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "id": "VAR-200610-0017",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:00:26.908000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mac OS X 10.4.8 Update (Intel)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
      },
      {
        "title": "Mac OS X 10.4.8 Update (PPC)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
      },
      {
        "title": "Mac OS X 10.4.8 and Security Update 2006-006",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304460"
      },
      {
        "title": "Mac OS X 10.4.8 and Security Update 2006-006",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304460-ja"
      },
      {
        "title": "Mac OS X 10.4.8 Update (Intel)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateintel.html"
      },
      {
        "title": "Mac OS X 10.4.8 Update (PPC)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateppc.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.9,
        "url": "http://secunia.com/advisories/22187/"
      },
      {
        "trust": 4.4,
        "url": "http://docs.info.apple.com/article.html?artnum=304460"
      },
      {
        "trust": 2.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-275a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/20271"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/838404"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/21865/"
      },
      {
        "trust": 1.7,
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/29269"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016954"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22187"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1663"
      },
      {
        "trust": 1.6,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/3852"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3852"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com/technet/security/advisory/925143.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/tech_tips/home_networks.html#iv"
      },
      {
        "trust": 0.8,
        "url": "http://www.macintouch.com/index.shtml#other.2006.10.03.xvul"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33"
      },
      {
        "trust": 0.8,
        "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16494"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/devnet/security/security_zone/mpsb02-08.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4392"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-275a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-275a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-4392"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-275a.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/29281"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/447396/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/447396"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048updateintel.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304460\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-006\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-275a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apsb06-11\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20060061039server.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1048updateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1048comboupdateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20971/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048comboupdateintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20060061039client.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1048updateuniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19618/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1048comboupdateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21271/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3191/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6153/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3192/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2634/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7024/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5246/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "db": "PACKETSTORM",
        "id": "50620"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "db": "PACKETSTORM",
        "id": "50620"
      },
      {
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "date": "2006-09-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "date": "2006-09-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "date": "2006-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "date": "2006-09-29T00:00:00",
        "db": "BID",
        "id": "20271"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "date": "2006-10-04T21:36:00",
        "db": "PACKETSTORM",
        "id": "50620"
      },
      {
        "date": "2006-10-03T01:14:36",
        "db": "PACKETSTORM",
        "id": "50441"
      },
      {
        "date": "2006-09-12T22:17:26",
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "date": "2006-10-03T04:02:00",
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "date": "2006-10-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#346396"
      },
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#897628"
      },
      {
        "date": "2006-10-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#838404"
      },
      {
        "date": "2006-11-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#546772"
      },
      {
        "date": "2007-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "date": "2006-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20500"
      },
      {
        "date": "2006-10-03T18:30:00",
        "db": "BID",
        "id": "20271"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000659"
      },
      {
        "date": "2018-10-17T21:36:56.477000",
        "db": "NVD",
        "id": "CVE-2006-4392"
      },
      {
        "date": "2006-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Workgroup Manager fails to properly enable ShadowHash passwords",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-002"
      }
    ],
    "trust": 0.6
  }
}

GSD-2006-4392

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4392

Aliases

CVE-2006-4392

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4392",
    "description": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function.",
    "id": "GSD-2006-4392",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-4392"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4392"
      ],
      "details": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function.",
      "id": "GSD-2006-4392",
      "modified": "2023-12-13T01:19:51.533259Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4392",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20271",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20271"
          },
          {
            "name": "1016954",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016954"
          },
          {
            "name": "22187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22187"
          },
          {
            "name": "ADV-2006-3852",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3852"
          },
          {
            "name": "APPLE-SA-2006-09-29",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
          },
          {
            "name": "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
          },
          {
            "name": "VU#838404",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/838404"
          },
          {
            "name": "29269",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/29269"
          },
          {
            "name": "TA06-275A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
          },
          {
            "name": "1663",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1663"
          },
          {
            "name": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/",
            "refsource": "MISC",
            "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
          },
          {
            "name": "macos-kernel-code-execution(29281)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:next:openstep:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4392"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
            },
            {
              "name": "APPLE-SA-2006-09-29",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
            },
            {
              "name": "VU#838404",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/838404"
            },
            {
              "name": "TA06-275A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
            },
            {
              "name": "20271",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/20271"
            },
            {
              "name": "22187",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22187"
            },
            {
              "name": "1016954",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016954"
            },
            {
              "name": "29269",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/29269"
            },
            {
              "name": "1663",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1663"
            },
            {
              "name": "ADV-2006-3852",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3852"
            },
            {
              "name": "macos-kernel-code-execution(29281)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
            },
            {
              "name": "20060929 Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-17T21:36Z",
      "publishedDate": "2006-10-03T04:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4392 (GCVE-0-2006-4392)

FKIE_CVE-2006-4392

CERTA-2006-AVI-416

Description

Solution

CERTA-2006-AVI-416

Description

Solution

GHSA-2H8F-C5J4-6PQ8

VAR-200610-0017

GSD-2006-4392

Tags

Sightings

Nomenclature