FKIE_CVE-2006-5710

Vulnerability from fkie_nvd - Published: 2006-11-04 01:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.
References
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=304829
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
cve@mitre.orghttp://projects.info-pull.com/mokb/MOKB-01-11-2006.htmlExploit
cve@mitre.orghttp://secunia.com/advisories/22679Exploit, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23155
cve@mitre.orghttp://securitytracker.com/id?1017151
cve@mitre.orghttp://www.kb.cert.org/vuls/id/191336US Government Resource
cve@mitre.orghttp://www.osvdb.org/30180
cve@mitre.orghttp://www.securityfocus.com/bid/20862Exploit
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA06-333A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4313Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4750Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29965
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=304829
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://projects.info-pull.com/mokb/MOKB-01-11-2006.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22679Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23155
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017151
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/191336US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/30180
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20862Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4313Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4750Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29965
Impacted products
Vendor Product Version
apple mac_os_x 10.4.8
opendarwin darwin_kernel 8.8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opendarwin:darwin_kernel:8.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABBD15F1-109A-4E30-AFF0-668418E3FC1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "El controlador Aeropuerto para cierto Orinoco basados en tarjetas de aeropuerto en Darwin kernel 8.8.0 en Apple Mac OS X 10.4.8, y posiblemente otras versiones, permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una vetana de respuesta de prueba  802.11 sin ning\u00fan campo elemento de validaci\u00f3n de informaci\u00f3n (IE) despu\u00e9s de la cabecera, lo cual dispara un desbordamiento de b\u00fafer basado en pila."
    }
  ],
  "evaluatorSolution": "Failed exploit attempts will likely result in denial-of-service conditions.",
  "id": "CVE-2006-5710",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-04T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=304829"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://projects.info-pull.com/mokb/MOKB-01-11-2006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22679"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23155"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017151"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/191336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/30180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20862"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4313"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4750"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=304829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://projects.info-pull.com/mokb/MOKB-01-11-2006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/191336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/30180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29965"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.