var-200609-0315
Vulnerability from variot
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380)
There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart beahvior during updates, as well as scripted setups that temporarily stopped the server to backup the database files. (Bug #15724)
The Corporate 3 and MNF2 products are not affected by these issues.
Packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 http://qa.mandriva.com/show_bug.cgi?id=15724
Updated Packages:
Mandriva Linux 2006.0: 493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm 49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm 94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm 445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm 0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm 064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm 6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm 7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64: d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm 9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm 9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm 3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm 4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/ 1ejA4Amd8JfkWa7DQPpj2Mg= =aSz3 -----END PGP SIGNATURE-----
. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.
- Legal Notice
Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com\u203bRuben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4389",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-159",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20497",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380)\n \n There is a bug in the MySQL-Max (and MySQL) init script where the \n script was not waiting for the mysqld daemon to fully stop. This \n impacted the restart beahvior during updates, as well as scripted\n setups that temporarily stopped the server to backup the database\n files. (Bug #15724)\n \n The Corporate 3 and MNF2 products are not affected by these issues. \n \n Packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n http://qa.mandriva.com/show_bug.cgi?id=15724\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm\n 49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm\n 94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm\n 445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm\n 0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm\n 064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm\n 6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm\n 7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm\n d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm\n 9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm\n cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm\n f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm\n 9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm\n 3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm\n c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm\n 4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm\n d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/\n1ejA4Amd8JfkWa7DQPpj2Mg=\n=aSz3\n-----END PGP SIGNATURE-----\n\n. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.7 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e\nVpxOGmsa3V34PILWdYXqoXE=\n=70De\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4389"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-4389",
"trust": 3.1
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "28769",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1554",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-256A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "XF",
"id": "28938",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49698",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-20497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"id": "VAR-200609-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20497"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:53:10.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT1338",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1338?viewlocale=ja_jp"
},
{
"title": "TA24355",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24355?viewlocale=ja_jp"
},
{
"title": "HT1222",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222?viewlocale=ja_jp"
},
{
"title": "QuickTime 7.1.3 Update \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b3\u30f3\u30c6\u30f3\u30c4\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime713.html"
},
{
"title": "QuickTime - \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 QuickTime Player \u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u7248\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/"
},
{
"title": "TA06-256A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-256a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 3.3,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 2.4,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 2.4,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28769"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1554"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4382"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-256a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4386"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060913_173644.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28938"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://qa.mandriva.com/show_bug.cgi?id=15724"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20497"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-07T06:30:54",
"db": "PACKETSTORM",
"id": "49698"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20497"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"date": "2018-10-17T21:36:55.430000",
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle SGI images",
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.