cvelistv5 - CVE-2006-6061

CVE-2006-6061 (GCVE-0-2006-6061)

Vulnerability from cvelistv5

Published

2006-11-22 01:00

Modified

2024-08-07 20:12

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://alastairs-place.net/2006/11/dmg-vulnerability/
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305214
cve@mitre.org	http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
cve@mitre.org	http://projects.info-pull.com/mokb/MOKB-20-11-2006.html	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/23012	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24479
cve@mitre.org	http://securitytracker.com/id?1017260
cve@mitre.org	http://www.kb.cert.org/vuls/id/367424	US Government Resource
cve@mitre.org	http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/
cve@mitre.org	http://www.osvdb.org/30509
cve@mitre.org	http://www.securityfocus.com/bid/21201	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1017751
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4629
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0930
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30440
af854a3a-2127-422b-91ae-364da2661108	http://alastairs-place.net/2006/11/dmg-vulnerability/
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305214
af854a3a-2127-422b-91ae-364da2661108	http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://projects.info-pull.com/mokb/MOKB-20-11-2006.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23012	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24479
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017260
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/367424	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/30509
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21201	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017751
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4629
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0930
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30440

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:12:31.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
          },
          {
            "name": "TA07-072A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "name": "APPLE-SA-2007-03-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "name": "1017751",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017751"
          },
          {
            "name": "23012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23012"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
          },
          {
            "name": "ADV-2006-4629",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4629"
          },
          {
            "name": "30509",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30509"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
          },
          {
            "name": "VU#367424",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/367424"
          },
          {
            "name": "ADV-2007-0930",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "name": "1017260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017260"
          },
          {
            "name": "21201",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21201"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
          },
          {
            "name": "macosx-dmg-code-execution(30440)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
          },
          {
            "name": "24479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
        },
        {
          "name": "TA07-072A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
        },
        {
          "name": "APPLE-SA-2007-03-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305214"
        },
        {
          "name": "1017751",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017751"
        },
        {
          "name": "23012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23012"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
        },
        {
          "name": "ADV-2006-4629",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4629"
        },
        {
          "name": "30509",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30509"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
        },
        {
          "name": "VU#367424",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/367424"
        },
        {
          "name": "ADV-2007-0930",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0930"
        },
        {
          "name": "1017260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017260"
        },
        {
          "name": "21201",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21201"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
        },
        {
          "name": "macosx-dmg-code-execution(30440)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
        },
        {
          "name": "24479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24479"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://alastairs-place.net/2006/11/dmg-vulnerability/",
              "refsource": "MISC",
              "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
            },
            {
              "name": "TA07-072A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
            },
            {
              "name": "APPLE-SA-2007-03-13",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305214",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305214"
            },
            {
              "name": "1017751",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017751"
            },
            {
              "name": "23012",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23012"
            },
            {
              "name": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/",
              "refsource": "MISC",
              "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
            },
            {
              "name": "ADV-2006-4629",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4629"
            },
            {
              "name": "30509",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/30509"
            },
            {
              "name": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html",
              "refsource": "MISC",
              "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
            },
            {
              "name": "VU#367424",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/367424"
            },
            {
              "name": "ADV-2007-0930",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0930"
            },
            {
              "name": "1017260",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017260"
            },
            {
              "name": "21201",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21201"
            },
            {
              "name": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html",
              "refsource": "MISC",
              "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
            },
            {
              "name": "macosx-dmg-code-execution(30440)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
            },
            {
              "name": "24479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24479"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6061",
    "datePublished": "2006-11-22T01:00:00",
    "dateReserved": "2006-11-21T00:00:00",
    "dateUpdated": "2024-08-07T20:12:31.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-6061\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-11-22T01:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.\"},{\"lang\":\"es\",\"value\":\"com.apple.AppleDiskImagecontroller en Apple Mac OS X 10.4.8, y posiblemente otras versiones, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen DMG mal formada que provoca una corrupci\u00f3n de memoria. NOTA: la severidad de este asunto ha sido impugnada por una tercera parte, la cual afirma que el impacto est\u00e1 limitado a una denegaci\u00f3n de servicio (error irrecuperable en el n\u00facleo del sistema, kernel panic) debido a una llamada vm_faultcon una direcci\u00f3n no alineada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09ED46A8-1739-411C-8807-2A416BDB6DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"504D78AB-5374-48C9-B357-DB6BD2267D2D\"}]}]}],\"references\":[{\"url\":\"http://alastairs-place.net/2006/11/dmg-vulnerability/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305214\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://projects.info-pull.com/mokb/MOKB-20-11-2006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/23012\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24479\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017260\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/367424\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/30509\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/21201\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1017751\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-072A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4629\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0930\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30440\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://alastairs-place.net/2006/11/dmg-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://projects.info-pull.com/mokb/MOKB-20-11-2006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/23012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24479\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/367424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/30509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1017751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-072A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-124

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectent MacOS X. Les plus graves permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Plusieurs composants de MacOS X sont sujets à des vulnérabilités, les plus graves permettant à un attaquant distant d'exécuter du code arbitraire.

Les composants impactés sont : ColorSync (CVE-2007-0719), CoreGraphics, Crash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images (CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062, CVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins (CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300, CVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO (CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129, CVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226, CVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH (CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051, CVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager (CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server (CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959), WebLog (CVE-2006-4829).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	macOS	MacOS X 10.3.9 et MacOS X Server 10.3.9 ;
	Apple	macOS	MacOS X 10.4 et MacOS X Server 10.4.

References

Title

Publication Time

var-200611-0487

Vulnerability from variot

com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. Service disruption (DoS) It may be in a state. Successfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users. Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected. Note: Further information from Alastair Houghton reports that this issue cannot be exploited to execute arbitrary code. See the references for details. This vulnerability is triggered if a user is tricked into loading a malicious DMG file, leading to arbitrary kernel mode code execution

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200611-0487",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "BID",
        "id": "21201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LMH lmh@info-pull.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-6061",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2006-6061",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-22169",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#367424",
            "trust": 1.6,
            "value": "15.99"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-6061",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-6061",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200611-363",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-22169",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "VULHUB",
        "id": "VHN-22169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.  The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service.  The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. Service disruption (DoS) It may be in a state. \nSuccessfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users. \nMac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected. \nNote: Further information from Alastair Houghton reports that this issue cannot be exploited to execute arbitrary code. See the references for details. This vulnerability is triggered if a user is tricked into loading a malicious DMG file, leading to arbitrary kernel mode code execution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "db": "BID",
        "id": "21201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-22169"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "21201",
        "trust": 4.4
      },
      {
        "db": "NVD",
        "id": "CVE-2006-6061",
        "trust": 4.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424",
        "trust": 4.4
      },
      {
        "db": "SECUNIA",
        "id": "23012",
        "trust": 4.1
      },
      {
        "db": "SECUNIA",
        "id": "24479",
        "trust": 3.3
      },
      {
        "db": "SECTRACK",
        "id": "1017751",
        "trust": 3.3
      },
      {
        "db": "SECTRACK",
        "id": "1017260",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA07-072A",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4629",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0930",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "30509",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "30440",
        "trust": 1.4
      },
      {
        "db": "USCERT",
        "id": "SA07-072A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-03-13",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA07-072A",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-22169",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "VULHUB",
        "id": "VHN-22169"
      },
      {
        "db": "BID",
        "id": "21201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "id": "VAR-200611-0487",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-22169"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-29T19:58:15.627000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2007-003 (10.3.9 Client)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/securityupdate20070031039client.html"
      },
      {
        "title": "Security Update 2007-003 (10.3.9 Server)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/securityupdate20070031039server.html"
      },
      {
        "title": "Security Update 2007-003",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=305214-en"
      },
      {
        "title": "Security Update 2007-003",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=305214-ja"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/"
      },
      {
        "title": "Security Update 2007-003 (10.3.9 Client)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/securityupdate20070031039client.html"
      },
      {
        "title": "Security Update 2007-003 (10.3.9 Server)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/securityupdate20070031039server.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.1,
        "url": "http://www.securityfocus.com/bid/21201"
      },
      {
        "trust": 3.3,
        "url": "http://projects.info-pull.com/mokb/mokb-20-11-2006.html"
      },
      {
        "trust": 3.3,
        "url": "http://docs.info.apple.com/article.html?artnum=305214"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/367424"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-072a.html"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/23012/"
      },
      {
        "trust": 2.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6061"
      },
      {
        "trust": 2.0,
        "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/30509"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017260"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1017751"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/23012"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24479"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/24479/"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/alerts/2007/mar/1017751.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/4629"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/30440"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/4629"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0930"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-072a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23367424/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-072a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-6061"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2006/nov/1017260.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa07-072a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0930"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://kernelfun.blogspot.com/2006/11/mokb-20-11-2006-mac-os-x-apple-udif.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "VULHUB",
        "id": "VHN-22169"
      },
      {
        "db": "BID",
        "id": "21201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "VULHUB",
        "id": "VHN-22169"
      },
      {
        "db": "BID",
        "id": "21201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "date": "2006-11-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "date": "2006-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-22169"
      },
      {
        "date": "2006-11-20T00:00:00",
        "db": "BID",
        "id": "21201"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "date": "2006-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "date": "2006-11-22T01:07:00",
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "date": "2007-03-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-22169"
      },
      {
        "date": "2007-03-15T03:34:00",
        "db": "BID",
        "id": "21201"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000789"
      },
      {
        "date": "2007-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      },
      {
        "date": "2024-11-21T00:21:38.483000",
        "db": "NVD",
        "id": "CVE-2006-6061"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X fails to properly handle corrupted DMG image structures",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      },
      {
        "db": "CERT/CC",
        "id": "VU#367424"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "21201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-363"
      }
    ],
    "trust": 0.9
  }
}

ghsa-fx3g-pqv9-p53f

Vulnerability from github

Published

2022-05-01 07:34

Modified

2025-04-09 03:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-6061"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-22T01:07:00Z",
    "severity": "HIGH"
  },
  "details": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.",
  "id": "GHSA-fx3g-pqv9-p53f",
  "modified": "2025-04-09T03:33:45Z",
  "published": "2022-05-01T07:34:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6061"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
    },
    {
      "type": "WEB",
      "url": "http://alastairs-place.net/2006/11/dmg-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "type": "WEB",
      "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017260"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/367424"
    },
    {
      "type": "WEB",
      "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/30509"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21201"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017751"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4629"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-6061

Vulnerability from fkie_nvd

Published

2006-11-22 01:07

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://alastairs-place.net/2006/11/dmg-vulnerability/
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305214
cve@mitre.org	http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
cve@mitre.org	http://projects.info-pull.com/mokb/MOKB-20-11-2006.html	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/23012	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24479
cve@mitre.org	http://securitytracker.com/id?1017260
cve@mitre.org	http://www.kb.cert.org/vuls/id/367424	US Government Resource
cve@mitre.org	http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/
cve@mitre.org	http://www.osvdb.org/30509
cve@mitre.org	http://www.securityfocus.com/bid/21201	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1017751
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4629
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0930
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30440
af854a3a-2127-422b-91ae-364da2661108	http://alastairs-place.net/2006/11/dmg-vulnerability/
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305214
af854a3a-2127-422b-91ae-364da2661108	http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://projects.info-pull.com/mokb/MOKB-20-11-2006.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23012	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24479
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017260
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/367424	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/30509
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21201	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017751
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4629
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0930
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30440

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	10.4.8
	apple	mac_os_x_server	10.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "504D78AB-5374-48C9-B357-DB6BD2267D2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address."
    },
    {
      "lang": "es",
      "value": "com.apple.AppleDiskImagecontroller en Apple Mac OS X 10.4.8, y posiblemente otras versiones, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen DMG mal formada que provoca una corrupci\u00f3n de memoria. NOTA: la severidad de este asunto ha sido impugnada por una tercera parte, la cual afirma que el impacto est\u00e1 limitado a una denegaci\u00f3n de servicio (error irrecuperable en el n\u00facleo del sistema, kernel panic) debido a una llamada vm_faultcon una direcci\u00f3n no alineada."
    }
  ],
  "id": "CVE-2006-6061",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-11-22T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/367424"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/30509"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21201"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017751"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/367424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/30509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2006-6061

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-6061

Aliases

CVE-2006-6061

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-6061",
    "description": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.",
    "id": "GSD-2006-6061"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-6061"
      ],
      "details": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.",
      "id": "GSD-2006-6061",
      "modified": "2023-12-13T01:19:54.033562Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-6061",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://alastairs-place.net/2006/11/dmg-vulnerability/",
            "refsource": "MISC",
            "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
          },
          {
            "name": "TA07-072A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "name": "APPLE-SA-2007-03-13",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305214",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "name": "1017751",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017751"
          },
          {
            "name": "23012",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23012"
          },
          {
            "name": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/",
            "refsource": "MISC",
            "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
          },
          {
            "name": "ADV-2006-4629",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4629"
          },
          {
            "name": "30509",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/30509"
          },
          {
            "name": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html",
            "refsource": "MISC",
            "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
          },
          {
            "name": "VU#367424",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/367424"
          },
          {
            "name": "ADV-2007-0930",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "name": "1017260",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017260"
          },
          {
            "name": "21201",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21201"
          },
          {
            "name": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html",
            "refsource": "MISC",
            "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
          },
          {
            "name": "macosx-dmg-code-execution(30440)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
          },
          {
            "name": "24479",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24479"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6061"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.  NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html"
            },
            {
              "name": "21201",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/21201"
            },
            {
              "name": "1017260",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017260"
            },
            {
              "name": "23012",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23012"
            },
            {
              "name": "VU#367424",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/367424"
            },
            {
              "name": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html"
            },
            {
              "name": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/"
            },
            {
              "name": "http://alastairs-place.net/2006/11/dmg-vulnerability/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/"
            },
            {
              "name": "30509",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/30509"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305214",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=305214"
            },
            {
              "name": "1017751",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017751"
            },
            {
              "name": "24479",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24479"
            },
            {
              "name": "APPLE-SA-2007-03-13",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
            },
            {
              "name": "TA07-072A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
            },
            {
              "name": "ADV-2006-4629",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4629"
            },
            {
              "name": "ADV-2007-0930",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0930"
            },
            {
              "name": "macosx-dmg-code-execution(30440)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-20T01:34Z",
      "publishedDate": "2006-11-22T01:07Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-6061 (GCVE-0-2006-6061)

Vulnerability from cvelistv5

CERTA-2007-AVI-124

Vulnerability from certfr_avis

Description

Solution

var-200611-0487

Vulnerability from variot

ghsa-fx3g-pqv9-p53f

Vulnerability from github

fkie_cve-2006-6061

Vulnerability from fkie_nvd

gsd-2006-6061

Vulnerability from gsd

Tags

Sightings

Nomenclature