var-200610-0017
Vulnerability from variot
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. Apple Mac OS X of Mach A flaw exists in the kernel's error handling mechanism called exception ports, which allows the execution of privileged crafted programs when certain types of errors occur.By executing a program crafted by a third party, arbitrary code may be executed. These issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
III. This and other updates are available via Apple Update or via Apple Downloads.
IV. Please send email to cert@cert.org with "TA06-275A Feedback VU#546772" in the subject.
Produced 2006 by US-CERT, a government organization.
Terms of use:
http://www.us-cert.gov/legal.html
Revision History
October 02, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg== =nP7Y -----END PGP SIGNATURE----- .
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA22187
VERIFY ADVISORY: http://secunia.com/advisories/22187/
CRITICAL: Highly critical
IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site to pose as a trusted SLL site to CFNetwork clients (e.g. Safari).
5) An unchecked error condition in the LoginWindow component may result in Kerberos tickets being accessible to other local users after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of "Fast User Switching" may result in Kerberos tickets being accessible to other local users.
8) An error makes it possible for an account to manage WebObjects applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing PICT images can potentially be exploited via a specially crafted PICT image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a DoS (Denial of Service) against the IMAP service.
For more information: SA19618
11) A memory management error in WebKit's handling of certain HTML can be exploited by malicious people to compromise a user's system.
SOLUTION: Update to version 10.4.8 or apply Security Update 2006-006. 3) The vendor credits Tom Saxton, Idle Loop Software Design. 4) The vendor credits Dino Dai Zovi, Matasano Security. 5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. 6) The vendor credits Ragnar Sundblad, Royal Institute of Technology. 8) The vendor credits Phillip Tejada, Fruit Bat Software. 12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES: SA19618: http://secunia.com/advisories/19618/
SA20971: http://secunia.com/advisories/20971/
SA21271: http://secunia.com/advisories/21271/
SA21865: http://secunia.com/advisories/21865/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the "allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for reporting one of the vulnerabilities. 2) Reported by the vendor. 3) Reported by the vendor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 5.6,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.3"
},
{
"model": "openstep",
"scope": "eq",
"trust": 1.0,
"vendor": "next",
"version": "4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4 to v10.4.7 up to version"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4 to v10.4.7 up to version"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#847468"
},
{
"db": "CERT/CC",
"id": "VU#346396"
},
{
"db": "CERT/CC",
"id": "VU#897628"
},
{
"db": "CERT/CC",
"id": "VU#838404"
},
{
"db": "CERT/CC",
"id": "VU#546772"
},
{
"db": "CERT/CC",
"id": "VU#451380"
},
{
"db": "CERT/CC",
"id": "VU#168372"
},
{
"db": "BID",
"id": "20271"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor credits Adam Bryzak of Queensland University of Technology, Tom Saxton of Idle Loop Software Design, Dino Dai Zovi of Matasano Security, Patrick Gallagher of Digital Peaks Corporation, Ragnar Sundblad of the Royal Institute of Technology, Stockh",
"sources": [
{
"db": "BID",
"id": "20271"
}
],
"trust": 0.3
},
"cve": "CVE-2006-4392",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-4392",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-20500",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4392",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#346396",
"trust": 0.8,
"value": "0.54"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#897628",
"trust": 0.8,
"value": "2.76"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#838404",
"trust": 0.8,
"value": "1.38"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#546772",
"trust": 0.8,
"value": "11.70"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#451380",
"trust": 0.8,
"value": "33.41"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#168372",
"trust": 0.8,
"value": "14.29"
},
{
"author": "NVD",
"id": "CVE-2006-4392",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-20500",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#346396"
},
{
"db": "CERT/CC",
"id": "VU#897628"
},
{
"db": "CERT/CC",
"id": "VU#838404"
},
{
"db": "CERT/CC",
"id": "VU#546772"
},
{
"db": "CERT/CC",
"id": "VU#451380"
},
{
"db": "CERT/CC",
"id": "VU#168372"
},
{
"db": "VULHUB",
"id": "VHN-20500"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child\u0027s thread context and task address space in a way that causes the child to call a parent-controlled function. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. Apple Mac OS X of Mach A flaw exists in the kernel\u0027s error handling mechanism called exception ports, which allows the execution of privileged crafted programs when certain types of errors occur.By executing a program crafted by a third party, arbitrary code may be executed. \nThese issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security\n restrictions and denial of service. \n\n\nI. \n\n Further details are available in the individual Vulnerability Notes\n for Apple Security Update 2006-006. More information on those vulnerabilities can\n be found in Adobe Security Bulletin APSB06-11 and the Vulnerability\n Notes for Adobe Security Bulletin APSB06-11. \n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes for Apple\n Security Update 2006-006. Potential consequences include remote\n execution of arbitrary code or commands, bypass of security\n restrictions, and denial of service. \n\n\nIII. This and other updates are\n available via Apple Update or via Apple Downloads. \n\n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-275A Feedback VU#546772\" in the\n subject. \n _________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n\n _________________________________________________________________\n\n Revision History\n\n October 02, 2006: Initial release\n \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn\nY81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY\nmy6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY\ngOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep\nfEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ\nELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg==\n=nP7Y\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA22187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22187/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Spoofing, Exposure of sensitive information,\nPrivilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error in the CFNetwork component may allow a malicious SSL site\nto pose as a trusted SLL site to CFNetwork clients (e.g. Safari). \n\n5) An unchecked error condition in the LoginWindow component may\nresult in Kerberos tickets being accessible to other local users\nafter an unsuccessful attempt to log in. \n\n6) Another error in the LoginWindow component during the handling of\n\"Fast User Switching\" may result in Kerberos tickets being accessible\nto other local users. \n\n8) An error makes it possible for an account to manage WebObjects\napplications after the \"Admin\" privileges have been revoked. \n\n9) A memory corruption error in QuickDraw Manager when processing\nPICT images can potentially be exploited via a specially crafted PICT\nimage to execute arbitrary code. \n\n10) An error in SASL can be exploited by malicious people to cause a\nDoS (Denial of Service) against the IMAP service. \n\nFor more information:\nSA19618\n\n11) A memory management error in WebKit\u0027s handling of certain HTML\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nSOLUTION:\nUpdate to version 10.4.8 or apply Security Update 2006-006. \n3) The vendor credits Tom Saxton, Idle Loop Software Design. \n4) The vendor credits Dino Dai Zovi, Matasano Security. \n5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. \n6) The vendor credits Ragnar Sundblad, Royal Institute of\nTechnology. \n8) The vendor credits Phillip Tejada, Fruit Bat Software. \n12) The vendor credits Chris Pepper, The Rockefeller University. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=304460\n\nOTHER REFERENCES:\nSA19618:\nhttp://secunia.com/advisories/19618/\n\nSA20971:\nhttp://secunia.com/advisories/20971/\n\nSA21271:\nhttp://secunia.com/advisories/21271/\n\nSA21865:\nhttp://secunia.com/advisories/21865/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. visiting a malicious website. \n\n2) An unspecified error can be exploited to bypass the\n\"allowScriptAccess\" option. \n\n3) Unspecified errors exist in the way the ActiveX control is invoked\nby Microsoft Office products on Windows. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for\nreporting one of the vulnerabilities. \n2) Reported by the vendor. \n3) Reported by the vendor",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4392"
},
{
"db": "CERT/CC",
"id": "VU#847468"
},
{
"db": "CERT/CC",
"id": "VU#346396"
},
{
"db": "CERT/CC",
"id": "VU#897628"
},
{
"db": "CERT/CC",
"id": "VU#838404"
},
{
"db": "CERT/CC",
"id": "VU#546772"
},
{
"db": "CERT/CC",
"id": "VU#451380"
},
{
"db": "CERT/CC",
"id": "VU#168372"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"db": "BID",
"id": "20271"
},
{
"db": "VULHUB",
"id": "VHN-20500"
},
{
"db": "PACKETSTORM",
"id": "50620"
},
{
"db": "PACKETSTORM",
"id": "50441"
},
{
"db": "PACKETSTORM",
"id": "49912"
}
],
"trust": 7.29
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20500",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20500"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "22187",
"trust": 6.6
},
{
"db": "CERT/CC",
"id": "VU#838404",
"trust": 3.3
},
{
"db": "USCERT",
"id": "TA06-275A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2006-4392",
"trust": 2.8
},
{
"db": "BID",
"id": "20271",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "21865",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1663",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "29269",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016954",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3852",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#847468",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#346396",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#897628",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#546772",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#451380",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#168372",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA06-275A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-002",
"trust": 0.7
},
{
"db": "XF",
"id": "29281",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-275A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-29",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060929 MATASANO ADVISORY: MACOS X MACH EXCEPTION SERVER PRIVILEGE ESCALATION",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "50741",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2463",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2464",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-64045",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20500",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50620",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50441",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49912",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#847468"
},
{
"db": "CERT/CC",
"id": "VU#346396"
},
{
"db": "CERT/CC",
"id": "VU#897628"
},
{
"db": "CERT/CC",
"id": "VU#838404"
},
{
"db": "CERT/CC",
"id": "VU#546772"
},
{
"db": "CERT/CC",
"id": "VU#451380"
},
{
"db": "CERT/CC",
"id": "VU#168372"
},
{
"db": "VULHUB",
"id": "VHN-20500"
},
{
"db": "BID",
"id": "20271"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"db": "PACKETSTORM",
"id": "50620"
},
{
"db": "PACKETSTORM",
"id": "50441"
},
{
"db": "PACKETSTORM",
"id": "49912"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"id": "VAR-200610-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20500"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:06:15.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mac OS X 10.4.8 Update (Intel)",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
},
{
"title": "Mac OS X 10.4.8 Update (PPC)",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
},
{
"title": "Mac OS X 10.4.8 and Security Update 2006-006",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=304460"
},
{
"title": "Mac OS X 10.4.8 and Security Update 2006-006",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=304460-ja"
},
{
"title": "Mac OS X 10.4.8 Update (Intel)",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateintel.html"
},
{
"title": "Mac OS X 10.4.8 Update (PPC)",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/macosx1048updateppc.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.9,
"url": "http://secunia.com/advisories/22187/"
},
{
"trust": 4.4,
"url": "http://docs.info.apple.com/article.html?artnum=304460"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-275a.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/20271"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/838404"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/21865/"
},
{
"trust": 1.7,
"url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/29269"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016954"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22187"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1663"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2006/3852"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/447396/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3852"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29281"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/advisory/925143.mspx"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/home_networks.html#iv"
},
{
"trust": 0.8,
"url": "http://www.macintouch.com/index.shtml#other.2006.10.03.xvul"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33"
},
{
"trust": 0.8,
"url": "http://www.computerterrorism.com/research/ct12-09-2006.htm"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16494"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/devnet/security/security_zone/mpsb02-08.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4392"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-275a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-275a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-4392"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa06-275a.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29281"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/447396/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "/archive/1/447396"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1048updateintel.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304460\u003e"
},
{
"trust": 0.1,
"url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-006\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-275a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apsb06-11\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20060061039server.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosxserver1048updateppc.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosxserver1048comboupdateppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20971/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1048comboupdateintel.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20060061039client.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosxserver1048updateuniversal.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19618/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1048updateintel.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1048updateppc.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1048comboupdateppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21271/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3191/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6153/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3192/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2634/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7024/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5246/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#847468"
},
{
"db": "CERT/CC",
"id": "VU#346396"
},
{
"db": "CERT/CC",
"id": "VU#897628"
},
{
"db": "CERT/CC",
"id": "VU#838404"
},
{
"db": "CERT/CC",
"id": "VU#546772"
},
{
"db": "CERT/CC",
"id": "VU#451380"
},
{
"db": "CERT/CC",
"id": "VU#168372"
},
{
"db": "VULHUB",
"id": "VHN-20500"
},
{
"db": "BID",
"id": "20271"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"db": "PACKETSTORM",
"id": "50620"
},
{
"db": "PACKETSTORM",
"id": "50441"
},
{
"db": "PACKETSTORM",
"id": "49912"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#847468"
},
{
"db": "CERT/CC",
"id": "VU#346396"
},
{
"db": "CERT/CC",
"id": "VU#897628"
},
{
"db": "CERT/CC",
"id": "VU#838404"
},
{
"db": "CERT/CC",
"id": "VU#546772"
},
{
"db": "CERT/CC",
"id": "VU#451380"
},
{
"db": "CERT/CC",
"id": "VU#168372"
},
{
"db": "VULHUB",
"id": "VHN-20500"
},
{
"db": "BID",
"id": "20271"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"db": "PACKETSTORM",
"id": "50620"
},
{
"db": "PACKETSTORM",
"id": "50441"
},
{
"db": "PACKETSTORM",
"id": "49912"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#847468"
},
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#346396"
},
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#897628"
},
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#838404"
},
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#546772"
},
{
"date": "2006-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#451380"
},
{
"date": "2006-09-20T00:00:00",
"db": "CERT/CC",
"id": "VU#168372"
},
{
"date": "2006-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-20500"
},
{
"date": "2006-09-29T00:00:00",
"db": "BID",
"id": "20271"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"date": "2006-10-04T21:36:00",
"db": "PACKETSTORM",
"id": "50620"
},
{
"date": "2006-10-03T01:14:36",
"db": "PACKETSTORM",
"id": "50441"
},
{
"date": "2006-09-12T22:17:26",
"db": "PACKETSTORM",
"id": "49912"
},
{
"date": "2006-10-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"date": "2006-10-03T04:02:00",
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-21T00:00:00",
"db": "CERT/CC",
"id": "VU#847468"
},
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#346396"
},
{
"date": "2006-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#897628"
},
{
"date": "2006-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#838404"
},
{
"date": "2006-11-21T00:00:00",
"db": "CERT/CC",
"id": "VU#546772"
},
{
"date": "2007-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#451380"
},
{
"date": "2006-11-14T00:00:00",
"db": "CERT/CC",
"id": "VU#168372"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20500"
},
{
"date": "2006-10-03T18:30:00",
"db": "BID",
"id": "20271"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000659"
},
{
"date": "2006-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-002"
},
{
"date": "2024-11-21T00:15:50.820000",
"db": "NVD",
"id": "CVE-2006-4392"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Workgroup Manager fails to properly enable ShadowHash passwords",
"sources": [
{
"db": "CERT/CC",
"id": "VU#847468"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-002"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…