var-200605-0205
Vulnerability from variot
Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. Apple Mac OS X is reported prone to multiple security vulnerabilities. These issue affect Mac OS X in the following applications or modules: - AppKit - ImageIO - BOM - CFNetwork - ClamAV - CoreFoundation - CoreGraphics - Finder - FTPServer - Flash Player - ImageIO - Keychain - LaunchServices - libcurl - Mail - MySQL Manager - Preview - QuickDraw - QuickTime Streaming Server - Ruby - Safari A remote attacker may exploit these issues to execute arbitrary code, trigger a denial-of-service condition, gain access to potentially sensitive information, or overwrite files. Other attacks may also be possible. Apple Mac OS X 10.4.6 and prior are reported vulnerable to these issues.
1) An error in the AppKit framework allows an application to read characters entered into secure text field in the same window session.
2) Errors in the AppKit and ImageIO framework when processing GIF and TIFF images can be exploited to crash an application or potentially execute arbitrary code.
For more information: SA19686
3) A boundary error within the BOM component when expanding archives can be exploited to crash an application or potentially execute arbitrary code.
For more information: SA19686
4) An input validation error in the BOM component when expanding archives can be exploited to cause files to be written to arbitrary locations outside the specified directory via directory traversal attacks.
5) An integer overflow error in the CFNetwork component when handling chunked transfer encoding may allow execution of arbitrary code if a user is tricked into visiting a malicious web site.
6) Errors in ClamAV when processing specially crafted email messages may allow execution of arbitrary code.
For more information: SA19534
7) An error in the CoreFoundation component allows dynamic libraries to load and execute when a bundle is registered. This can be exploited to execute arbitrary code if an untrusted bundle is registered.
8) An integer underflow error within the "CFStringGetFileSystemRepresentation()" API during string conversion may allow execution of arbitrary code.
9) An error in the CoreGraphics component allows an application in the same window session to read characters entered into secure text field when "Enable access for assistive devices" is enabled.
10) An error in Finder within the handling of Internet Location items makes it possible to specify a different Internet Location type than the actual URL scheme used. This may allow execution of arbitrary code when launching an Internet Location item.
11) Boundary errors in the FTPServer component when handling path names can be exploited to malicious users to cause a buffer overflow, which may allow execution of arbitrary code.
12) Various errors in the Flash Player makes it possible to compromise a user's system via specially crafted Flash files.
For more information: SA17430 SA19218
13) An integer overflow error in the ImageIO framework when processing JPEG images can be exploited to crash an application or potentially execute arbitrary code.
15) An error in the LaunchServices component when processing long filename extensions may allow bypassing of the Download Validation functionality.
16) Boundary errors in the libcurl URL handling may allow execution of arbitrary code.
For more information: SA17907
17) An integer overflow error in the Mail component may allow execution of arbitrary code when viewing a specially crafted email message with MacMIME encapsulated attachments.
18) An error in the Mail component when handling invalid colour information in enriched text email messages may allow execution of arbitrary code.
19) An design error in MySQL Manager makes it possible to access the MySQL database with an empty password as the MySQL password supplying during initial setup is not used.
20) A boundary error in the Preview component may allow execution of arbitrary code via a stack-based buffer overflow when navigating a specially crafted directory hierarchy.
21) Two boundary errors in the QuickDraw component when processing of PICT images can be exploited to either cause a stack-based via a PICT image with specially crafted font information or a heap-based buffer overflow via a PICT image with specially crafted image data. This can be exploited to crash an application and potentially execute arbitrary code.
22) A NULL pointer dereference error in QuickTime Streaming Server when processing QuickTime movies with a missing track can be exploited to crash the application.
23) A boundary error in QuickTime Streaming Server when processing RTSP requests can be exploited to crash the application or potentially execute arbitrary code.
24) An error in Ruby can be exploited to bypass safe level restrictions.
For more information: SA16904
25) An error in Safari when handling archives with symbolic links may place the symbolic links on a user's desktop. This requires that the "Open 'safe' files after downloading" option is enabled.
SOLUTION: Apply Security Update 2006-003. 13) The vendor credits Brent Simmons, NewsGator Technologies. 14) The vendor credits Tobias Hahn, HU Berlin. 19) The vendor credits Ben Low, University of New South Wales. 21) The vendor credits Mike Price, McAfee AVERT Labs. 23) Mu Security research team
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=303737
OTHER REFERENCES: SA19686: http://secunia.com/advisories/19686/
SA19534: http://secunia.com/advisories/19534/
SA17430: http://secunia.com/advisories/17430/
SA19218: http://secunia.com/advisories/19218/
SA17907: http://secunia.com/advisories/17907/
SA16904: http://secunia.com/advisories/16904/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
I. Further details are available in the individual Vulnerability Notes.
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
III. This and other updates are available via Apple Update. Please see the Vulnerability Notes for individual reporter acknowledgements.
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-132A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-132A Feedback VU#519473" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
May 12, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRGTxnX0pj593lg50AQKebgf+PTa7qCt6QQRcXGlJ3vjPFOdO1VNRMGr8 WOP8JKHbCK93O3E6YtHJ3nQTJBfyq169TQijWvoWvjjXM603DojGXUXgTBZFhTSG c4L0jE2+nD3273nZXGPreFJAsPxK6me7d4Of/KQ/prJnUfrnWNxfrP90CmXRKNLD +4eC4BEjNXCqpb0ki62WQM7NED6IgfgNZWfO7faTSRYNRdEyLAgetQxZVm5eepyK BJO3rRBBRkOIkIIG5o/J5ViqgiuUP75N37QqTc7BtyzQR2OeWepytJvkMvJUBVAG r0fLUKvhT4wdHxsNGVGCxLNf3NHG1UuWNO3UZ9MeBmREdmeT+K0l9A== =cabu -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.9"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mobile safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
}
],
"sources": [
{
"db": "BID",
"id": "17951"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Price ATmaCA atmaca@atmacasoft.com http://www.zerodayinitiative.com/ Sowhat smaillist@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-1446",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-17554",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-1446",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-239",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-17554",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17554"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. Apple Mac OS X is reported prone to multiple security vulnerabilities. \nThese issue affect Mac OS X in the following applications or modules:\n- AppKit\n- ImageIO\n- BOM\n- CFNetwork\n- ClamAV\n- CoreFoundation\n- CoreGraphics\n- Finder\n- FTPServer\n- Flash Player\n- ImageIO\n- Keychain\n- LaunchServices\n- libcurl\n- Mail\n- MySQL Manager\n- Preview\n- QuickDraw\n- QuickTime Streaming Server\n- Ruby\n- Safari\nA remote attacker may exploit these issues to execute arbitrary code, trigger a denial-of-service condition, gain access to potentially sensitive information, or overwrite files. Other attacks may also be possible. \nApple Mac OS X 10.4.6 and prior are reported vulnerable to these issues. \n\n1) An error in the AppKit framework allows an application to read\ncharacters entered into secure text field in the same window\nsession. \n\n2) Errors in the AppKit and ImageIO framework when processing GIF and\nTIFF images can be exploited to crash an application or potentially\nexecute arbitrary code. \n\nFor more information:\nSA19686\n\n3) A boundary error within the BOM component when expanding archives\ncan be exploited to crash an application or potentially execute\narbitrary code. \n\nFor more information:\nSA19686\n\n4) An input validation error in the BOM component when expanding\narchives can be exploited to cause files to be written to arbitrary\nlocations outside the specified directory via directory traversal\nattacks. \n\n5) An integer overflow error in the CFNetwork component when handling\nchunked transfer encoding may allow execution of arbitrary code if a\nuser is tricked into visiting a malicious web site. \n\n6) Errors in ClamAV when processing specially crafted email messages\nmay allow execution of arbitrary code. \n\nFor more information:\nSA19534\n\n7) An error in the CoreFoundation component allows dynamic libraries\nto load and execute when a bundle is registered. This can be\nexploited to execute arbitrary code if an untrusted bundle is\nregistered. \n\n8) An integer underflow error within the\n\"CFStringGetFileSystemRepresentation()\" API during string conversion\nmay allow execution of arbitrary code. \n\n9) An error in the CoreGraphics component allows an application in\nthe same window session to read characters entered into secure text\nfield when \"Enable access for assistive devices\" is enabled. \n\n10) An error in Finder within the handling of Internet Location items\nmakes it possible to specify a different Internet Location type than\nthe actual URL scheme used. This may allow execution of arbitrary\ncode when launching an Internet Location item. \n\n11) Boundary errors in the FTPServer component when handling path\nnames can be exploited to malicious users to cause a buffer overflow,\nwhich may allow execution of arbitrary code. \n\n12) Various errors in the Flash Player makes it possible to\ncompromise a user\u0027s system via specially crafted Flash files. \n\nFor more information:\nSA17430\nSA19218\n\n13) An integer overflow error in the ImageIO framework when\nprocessing JPEG images can be exploited to crash an application or\npotentially execute arbitrary code. \n\n15) An error in the LaunchServices component when processing long\nfilename extensions may allow bypassing of the Download Validation\nfunctionality. \n\n16) Boundary errors in the libcurl URL handling may allow execution\nof arbitrary code. \n\nFor more information:\nSA17907\n\n17) An integer overflow error in the Mail component may allow\nexecution of arbitrary code when viewing a specially crafted email\nmessage with MacMIME encapsulated attachments. \n\n18) An error in the Mail component when handling invalid colour\ninformation in enriched text email messages may allow execution of\narbitrary code. \n\n19) An design error in MySQL Manager makes it possible to access the\nMySQL database with an empty password as the MySQL password supplying\nduring initial setup is not used. \n\n20) A boundary error in the Preview component may allow execution of\narbitrary code via a stack-based buffer overflow when navigating a\nspecially crafted directory hierarchy. \n\n21) Two boundary errors in the QuickDraw component when processing of\nPICT images can be exploited to either cause a stack-based via a PICT\nimage with specially crafted font information or a heap-based buffer\noverflow via a PICT image with specially crafted image data. This can\nbe exploited to crash an application and potentially execute arbitrary\ncode. \n\n22) A NULL pointer dereference error in QuickTime Streaming Server\nwhen processing QuickTime movies with a missing track can be\nexploited to crash the application. \n\n23) A boundary error in QuickTime Streaming Server when processing\nRTSP requests can be exploited to crash the application or\npotentially execute arbitrary code. \n\n24) An error in Ruby can be exploited to bypass safe level\nrestrictions. \n\nFor more information:\nSA16904\n\n25) An error in Safari when handling archives with symbolic links may\nplace the symbolic links on a user\u0027s desktop. This requires that the\n\"Open \u0027safe\u0027 files after downloading\" option is enabled. \n\nSOLUTION:\nApply Security Update 2006-003. \n13) The vendor credits Brent Simmons, NewsGator Technologies. \n14) The vendor credits Tobias Hahn, HU Berlin. \n19) The vendor credits Ben Low, University of New South Wales. \n21) The vendor credits Mike Price, McAfee AVERT Labs. \n23) Mu Security research team\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=303737\n\nOTHER REFERENCES:\nSA19686:\nhttp://secunia.com/advisories/19686/\n\nSA19534:\nhttp://secunia.com/advisories/19534/\n\nSA17430:\nhttp://secunia.com/advisories/17430/\n\nSA19218:\nhttp://secunia.com/advisories/19218/\n\nSA17907:\nhttp://secunia.com/advisories/17907/\n\nSA16904:\nhttp://secunia.com/advisories/16904/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n Impacts of other vulnerabilities include bypassing security\n restrictions and denial of service. \n\n\nI. Further details are available in the individual\n Vulnerability Notes. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. Potential\n consequences include remote execution of arbitrary code or commands,\n bypass of security restrictions, and denial of service. \n\n\nIII. This and other updates are\n available via Apple Update. \n Please see the Vulnerability Notes for individual reporter\n acknowledgements. \n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-132A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-132A Feedback VU#519473\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n May 12, 2006: Initial release\n\n\n \n \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRGTxnX0pj593lg50AQKebgf+PTa7qCt6QQRcXGlJ3vjPFOdO1VNRMGr8\nWOP8JKHbCK93O3E6YtHJ3nQTJBfyq169TQijWvoWvjjXM603DojGXUXgTBZFhTSG\nc4L0jE2+nD3273nZXGPreFJAsPxK6me7d4Of/KQ/prJnUfrnWNxfrP90CmXRKNLD\n+4eC4BEjNXCqpb0ki62WQM7NED6IgfgNZWfO7faTSRYNRdEyLAgetQxZVm5eepyK\nBJO3rRBBRkOIkIIG5o/J5ViqgiuUP75N37QqTc7BtyzQR2OeWepytJvkMvJUBVAG\nr0fLUKvhT4wdHxsNGVGCxLNf3NHG1UuWNO3UZ9MeBmREdmeT+K0l9A==\n=cabu\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1446"
},
{
"db": "BID",
"id": "17951"
},
{
"db": "VULHUB",
"id": "VHN-17554"
},
{
"db": "PACKETSTORM",
"id": "46266"
},
{
"db": "PACKETSTORM",
"id": "46436"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17951",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2006-1446",
"trust": 2.0
},
{
"db": "USCERT",
"id": "TA06-132A",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "20077",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "25590",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1779",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016072",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-132A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-05-11",
"trust": 0.6
},
{
"db": "XF",
"id": "26413",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-17554",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46266",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46436",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17554"
},
{
"db": "BID",
"id": "17951"
},
{
"db": "PACKETSTORM",
"id": "46266"
},
{
"db": "PACKETSTORM",
"id": "46436"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"id": "VAR-200605-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17554"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:54:00.621000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/may/msg00003.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17951"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-132a.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/25590"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016072"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20077"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26413"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26413"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1779"
},
{
"trust": 0.4,
"url": "http://docs.info.apple.com/article.html?artnum=303737"
},
{
"trust": 0.3,
"url": "http://labs.musecurity.com/advisories/mu-200605-02.txt"
},
{
"trust": 0.3,
"url": "http://www.lists.apple.com/mhonarc/security-announce"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20060031039server.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17430/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/16904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2006003macosx1046clientppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19534/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20060031039client.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19686/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2006003macosx1046clientintel.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19218/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20077/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20060031046server.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17907/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303737\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-132a.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17554"
},
{
"db": "BID",
"id": "17951"
},
{
"db": "PACKETSTORM",
"id": "46266"
},
{
"db": "PACKETSTORM",
"id": "46436"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-17554"
},
{
"db": "BID",
"id": "17951"
},
{
"db": "PACKETSTORM",
"id": "46266"
},
{
"db": "PACKETSTORM",
"id": "46436"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-17554"
},
{
"date": "2006-05-11T00:00:00",
"db": "BID",
"id": "17951"
},
{
"date": "2006-05-17T05:39:52",
"db": "PACKETSTORM",
"id": "46266"
},
{
"date": "2006-05-22T03:14:36",
"db": "PACKETSTORM",
"id": "46436"
},
{
"date": "2005-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"date": "2006-05-12T21:02:00",
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-17554"
},
{
"date": "2008-03-19T14:40:00",
"db": "BID",
"id": "17951"
},
{
"date": "2006-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-239"
},
{
"date": "2024-11-21T00:08:52.730000",
"db": "NVD",
"id": "CVE-2006-1446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "46436"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X Keychain Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-239"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.