var-200610-0022
Vulnerability from variot

User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.

These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager.

Apple Mac OS X versions prior to 10.4.8 are vulnerable to these issues. There are loopholes in the implementation of Workgroup Manager. Remote administrators can change the encryption method of secret password authentication in network information, when a real password is not actually enabled.



TITLE: Adobe Flash Player Multiple Unspecified Vulnerabilities

SECUNIA ADVISORY ID: SA21865

VERIFY ADVISORY: http://secunia.com/advisories/21865/

CRITICAL: Highly critical

IMPACT: Security Bypass, System access

WHERE: From remote

SOFTWARE:
Macromedia Flash 8.x http://secunia.com/product/7024/
Macromedia Flash MX 2004 http://secunia.com/product/3192/
Macromedia Flash MX Professional 2004 http://secunia.com/product/3191/
Macromedia Flash Player 7.x http://secunia.com/product/2634/
Macromedia Flash Player 8.x http://secunia.com/product/6153/
Macromedia Flex 1.x http://secunia.com/product/5246/

DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system. visiting a malicious website.

2) An unspecified error can be exploited to bypass the "allowScriptAccess" option.

3) Unspecified errors exist in the way the ActiveX control is invoked by Microsoft Office products on Windows.

SOLUTION: Update to version 9.0.16.0 or another fixed version (see the vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor.

ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb06-11.html

OTHER REFERENCES: Microsoft: http://www.microsoft.com/technet/security/advisory/925143.mspx


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200610-0022",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.7 up to version"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "directory pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cosmicperl",
        "version": "10.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.03"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor credits Adam Bryzak of Queensland University of Technology, Tom Saxton of Idle Loop Software Design, Dino Dai Zovi of Matasano Security, Patrick Gallagher of Digital Peaks Corporation, Ragnar Sundblad of the Royal Institute of Technology, Stockh",
    "sources": [
      {
        "db": "BID",
        "id": "20271"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4399",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2006-4399",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-20507",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4399",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#451380",
            "trust": 0.8,
            "value": "33.41"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#168372",
            "trust": 0.8,
            "value": "14.29"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200610-013",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20507",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2006-4399",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities. \nThese issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. \nApple Mac OS X versions prior to 10.4.8 are vulnerable to these issues. There are loopholes in the implementation of Workgroup Manager. Remote administrators can change the encryption method of secret password authentication in network information, when a real password is not actually enabled. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. 
\n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Flash Player Multiple Unspecified Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21865\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21865/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMacromedia Flash 8.x\nhttp://secunia.com/product/7024/\nMacromedia Flash MX 2004\nhttp://secunia.com/product/3192/\nMacromedia Flash MX Professional 2004\nhttp://secunia.com/product/3191/\nMacromedia Flash Player 7.x\nhttp://secunia.com/product/2634/\nMacromedia Flash Player 8.x\nhttp://secunia.com/product/6153/\nMacromedia Flex 1.x\nhttp://secunia.com/product/5246/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Flash Player,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions or compromise a user\u0027s system. visiting a malicious website. \n\n2) An unspecified error can be exploited to bypass the\n\"allowScriptAccess\" option. \n\n3) Unspecified errors exist in the way the ActiveX control is invoked\nby Microsoft Office products on Windows. \n\nSOLUTION:\nUpdate to version 9.0.16.0 or another fixed version (see the vendor\nadvisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for\nreporting one of the vulnerabilities. \n2) Reported by the vendor. \n3) Reported by the vendor. 
\n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb06-11.html\n\nOTHER REFERENCES:\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/925143.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      },
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      }
    ],
    "trust": 4.32
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "22187",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#847468",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4399",
        "trust": 2.9
      },
      {
        "db": "USCERT",
        "id": "TA06-275A",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "20271",
        "trust": 2.9
      },
      {
        "db": "OSVDB",
        "id": "29276",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "21865",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016958",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3852",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-275A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "29302",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-275A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-09-29",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-20507",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2006/3852",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-4399",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "49912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "id": "VAR-200610-0022",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20507"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:56:15.078000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mac OS X 10.4.8 Update (Intel)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
      },
      {
        "title": "Mac OS X 10.4.8 Update (PPC)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
      },
      {
        "title": "Mac OS X 10.4.8 and Security Update 2006-006",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304460-ja"
      },
      {
        "title": "Mac OS X 10.4.8 Update (Intel)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateintel.html"
      },
      {
        "title": "Mac OS X 10.4.8 Update (PPC)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateppc.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-275a.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/847468"
      },
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/20271"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/29276"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1016958"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/22187"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21865/"
      },
      {
        "trust": 1.7,
        "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22187/"
      },
      {
        "trust": 1.6,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/3852"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2006/3852"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29302"
      },
      {
        "trust": 1.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304460"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com/technet/security/advisory/925143.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33"
      },
      {
        "trust": 0.8,
        "url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16494"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/devnet/security/security_zone/mpsb02-08.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4399"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-275a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-275a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-4399"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-275a.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/29302"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/447396"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=11810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3191/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6153/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3192/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2634/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7024/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5246/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "db": "BID",
        "id": "20271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "date": "2006-09-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "date": "2006-09-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "date": "2006-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "date": "2006-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "date": "2006-09-29T00:00:00",
        "db": "BID",
        "id": "20271"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "date": "2006-09-12T22:17:26",
        "db": "PACKETSTORM",
        "id": "49912"
      },
      {
        "date": "2006-10-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "date": "2006-10-03T04:02:00",
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#847468"
      },
      {
        "date": "2007-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#451380"
      },
      {
        "date": "2006-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#168372"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20507"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2006-4399"
      },
      {
        "date": "2006-10-03T18:30:00",
        "db": "BID",
        "id": "20271"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000655"
      },
      {
        "date": "2006-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      },
      {
        "date": "2017-07-20T01:33:04.850000",
        "db": "NVD",
        "id": "CVE-2006-4399"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Workgroup Manager fails to properly enable ShadowHash passwords",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#847468"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-013"
      }
    ],
    "trust": 0.6
  }
}

