Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-517
Vulnerability from certfr_avis - Published: 2006-11-29 - Updated: 2006-11-29
De multiples vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Certaines pourraient, si elles sont exploitées par une personne malveillante, provoquer l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Parmi celles-ci :
- une vulnérabilité des pilotes de cartes sans-fil Airport : ils n'interpreteraient pas correctement des paquets répondant à une requête de sondage (de type Probe). Une personne malveillante pourrait donc émettre un paquet malformé, en réponse à une requête, afin de provoquer l'exécution de commandes arbitraires à distance. Les solutions de sécurité comme WPA, VPN, 802.11i ne protègent pas de cette catégorie d'attaques visant directement le pilote de la carte réseau. Le CERTA mentionne ce problème dans le bulletin d'actualité CERTA-2006-ACT-046 ;
- une vulnérabilité de CFNetwork : les URI (pour Uniform Resource Identifier) FTP ne sont pas validées correctement. Une personne pourrait, en visitant un site FTP construit de manière malveillante, lancer à son insu des commandes FTP contre un site tiers ;
- plusieurs vulnérabilités dans clamAV pour Mac OS X Server ;
- des vulnérabilités dans OpenSSL pour MacOS. Celles-ci ont été abordées dans des avis du CERTA, notamment CERTA-2006-AVI-421 et CERTA-2006-AVI-448 ;
- des vulnérabilités de PHP : certaines ont été décrites dans l'avis du CERTA CERTA-2006-AVI-481 ;
- une vulnérabilité de PPP : une personne malveillante pourrait, sur le même réseau qu'une machine vulnérable, envoyer un paquet spécialement conçu, afin de perturber PPPoE. Cela permettrait sous certaines conditions d'exécuter des commandes arbitraires à distance. PPPoE n'est cependant pas activé par défaut.
Solution
Se référer au bulletin de sécurité de l'éditeur Apple pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Mac OS X Server v10.3.9 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X v10.4.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X Server v10.4.8.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X v10.3.9 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Parmi celles-ci :\n\n- une vuln\u00e9rabilit\u00e9 des pilotes de cartes sans-fil Airport : ils\n n\u0027interpreteraient pas correctement des paquets r\u00e9pondant \u00e0 une\n requ\u00eate de sondage (de type Probe). Une personne malveillante\n pourrait donc \u00e9mettre un paquet malform\u00e9, en r\u00e9ponse \u00e0 une requ\u00eate,\n afin de provoquer l\u0027ex\u00e9cution de commandes arbitraires \u00e0 distance.\n Les solutions de s\u00e9curit\u00e9 comme WPA, VPN, 802.11i ne prot\u00e8gent pas\n de cette cat\u00e9gorie d\u0027attaques visant directement le pilote de la\n carte r\u00e9seau. Le CERTA mentionne ce probl\u00e8me dans le bulletin\n d\u0027actualit\u00e9 CERTA-2006-ACT-046 ;\n- une vuln\u00e9rabilit\u00e9 de CFNetwork : les URI (pour Uniform Resource\n Identifier) FTP ne sont pas valid\u00e9es correctement. Une personne\n pourrait, en visitant un site FTP construit de mani\u00e8re malveillante,\n lancer \u00e0 son insu des commandes FTP contre un site tiers ;\n- plusieurs vuln\u00e9rabilit\u00e9s dans clamAV pour Mac OS X Server ;\n- des vuln\u00e9rabilit\u00e9s dans OpenSSL pour MacOS. Celles-ci ont \u00e9t\u00e9\n abord\u00e9es dans des avis du CERTA, notamment CERTA-2006-AVI-421 et\n CERTA-2006-AVI-448 ;\n- des vuln\u00e9rabilit\u00e9s de PHP : certaines ont \u00e9t\u00e9 d\u00e9crites dans l\u0027avis\n du CERTA CERTA-2006-AVI-481 ;\n- une vuln\u00e9rabilit\u00e9 de PPP : une personne malveillante pourrait, sur\n le m\u00eame r\u00e9seau qu\u0027une machine vuln\u00e9rable, envoyer un paquet\n sp\u00e9cialement con\u00e7u, afin de perturber PPPoE. Cela permettrait sous\n certaines conditions d\u0027ex\u00e9cuter des commandes arbitraires \u00e0\n distance. PPPoE n\u0027est cependant pas activ\u00e9 par d\u00e9faut.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-4339",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4339"
},
{
"name": "CVE-2006-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1990"
},
{
"name": "CVE-2006-4398",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4398"
},
{
"name": "CVE-2006-5465",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5465"
},
{
"name": "CVE-2006-4403",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4403"
},
{
"name": "CVE-2006-2940",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
},
{
"name": "CVE-2006-4182",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4182"
},
{
"name": "CVE-2006-4404",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4404"
},
{
"name": "CVE-2006-4334",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4334"
},
{
"name": "CVE-2006-4343",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4343"
},
{
"name": "CVE-2006-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4408"
},
{
"name": "CVE-2006-4335",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4335"
},
{
"name": "CVE-2006-4396",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4396"
},
{
"name": "CVE-2006-4401",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4401"
},
{
"name": "CVE-2006-4407",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4407"
},
{
"name": "CVE-2006-3403",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3403"
},
{
"name": "CVE-2006-4400",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4400"
},
{
"name": "CVE-2006-4336",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4336"
},
{
"name": "CVE-2006-4337",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4337"
},
{
"name": "CVE-2006-4402",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4402"
},
{
"name": "CVE-2006-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
},
{
"name": "CVE-2006-1490",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1490"
},
{
"name": "CVE-2006-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
},
{
"name": "CVE-2006-4409",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4409"
},
{
"name": "CVE-2006-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4410"
},
{
"name": "CVE-2006-4411",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4411"
},
{
"name": "CVE-2006-5710",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5710"
},
{
"name": "CVE-2006-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4338"
},
{
"name": "CVE-2006-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4412"
},
{
"name": "CVE-2006-3962",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3962"
},
{
"name": "CVE-2006-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4406"
}
],
"initial_release_date": "2006-11-29T00:00:00",
"last_revision_date": "2006-11-29T00:00:00",
"links": [
{
"title": "Bulletin d\u0027actualit\u00e9 du CERTA CERTA-2006-ACT-046 du 17 novembre 2006 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ACT-046.pdf"
},
{
"title": "Avis du CERTA CERTA-2006-AVI-448 du 11 octobre 2006 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-448/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple 2006-007 du 28 novembre 2006 :",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"title": "Avis du CERTA CERTA-2006-AVI-421 du 03 octobre 2006 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-421/"
}
],
"reference": "CERTA-2006-AVI-517",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Certaines pourraient, si elles sont\nexploit\u00e9es par une personne malveillante, provoquer l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mises \u00e0 jour Apple 2006-007 du 28 novembre 2006",
"url": null
}
]
}
CVE-2006-4403 (GCVE-0-2006-4403)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/30734 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1017303 | vdb-entryx_refsource_SECTRACK |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/371648 | third-party-advisoryx_refsource_CERT-VN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30734"
},
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "1017303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "macos-ftp-server-login-dos(30621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "VU#371648",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/371648"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30734",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30734"
},
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "1017303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "macos-ftp-server-login-dos(30621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "VU#371648",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/371648"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30734",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30734"
},
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "1017303",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017303"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "macos-ftp-server-login-dos(30621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "VU#371648",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/371648"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4403",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4404 (GCVE-0-2006-4404)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1017304 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/30733 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "1017304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "30733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30733"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "1017304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "30733",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30733"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "1017304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "30733",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30733"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4404",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4406 (GCVE-0-2006-4406)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/870960 | third-party-advisoryx_refsource_CERT-VN |
| http://securitytracker.com/id?1017305 | vdb-entryx_refsource_SECTRACK |
| http://labs.musecurity.com/advisories/MU-200611-01.txt | x_refsource_MISC |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/30732 | vdb-entryx_refsource_OSVDB |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "VU#870960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/870960"
},
{
"name": "1017305",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017305"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200611-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "macos-ppp-bo(30627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30627"
},
{
"name": "30732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30732"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "VU#870960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/870960"
},
{
"name": "1017305",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017305"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200611-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "macos-ppp-bo(30627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30627"
},
{
"name": "30732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30732"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "VU#870960",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/870960"
},
{
"name": "1017305",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017305"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200611-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200611-01.txt"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "macos-ppp-bo(30627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30627"
},
{
"name": "30732",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30732"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4406",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4407 (GCVE-0-2006-4407)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/30731 | vdb-entryx_refsource_OSVDB |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/734032 | third-party-advisoryx_refsource_CERT-VN |
| http://securitytracker.com/id?1017298 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "30731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30731"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "VU#734032",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/734032"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "30731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30731"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "VU#734032",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/734032"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "30731",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30731"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "VU#734032",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/734032"
},
{
"name": "1017298",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4407",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4408 (GCVE-0-2006-4408)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/30730 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1017298 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30730",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30730"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30730",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30730"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30730",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30730"
},
{
"name": "1017298",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4408",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4409 (GCVE-0-2006-4409)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/30729 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1017298 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
| http://www.kb.cert.org/vuls/id/811384 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30729"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "VU#811384",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/811384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30729"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "VU#811384",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/811384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30729",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30729"
},
{
"name": "1017298",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "VU#811384",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/811384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4409",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4410 (GCVE-0-2006-4410)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1017298 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
| http://www.osvdb.org/30728 | vdb-entryx_refsource_OSVDB |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "30728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "1017298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "30728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "1017298",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017298"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "30728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4410",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4411 (GCVE-0-2006-4411)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/30727 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1017304 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30727",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30727"
},
{
"name": "1017304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30727",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30727"
},
{
"name": "1017304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "30727",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30727"
},
{
"name": "1017304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4411",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4412 (GCVE-0-2006-4412)
Vulnerability from cvelistv5 – Published: 2006-11-30 16:00 – Updated: 2024-08-07 19:06
VLAI
EPSS
Summary
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/4750 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/30726 | vdb-entryx_refsource_OSVDB |
| http://docs.info.apple.com/article.html?artnum=304829 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21335 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/848960 | third-party-advisoryx_refsource_CERT-VN |
| http://securitytracker.com/id?1017304 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/23155 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.us-cert.gov/cas/techalerts/TA06-333A.html | third-party-advisoryx_refsource_CERT |
Date Public
2006-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "macos-webkit-code-execution(30645)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30645"
},
{
"name": "30726",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30726"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "VU#848960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/848960"
},
{
"name": "1017304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "macos-webkit-code-execution(30645)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30645"
},
{
"name": "30726",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30726"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "VU#848960",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/848960"
},
{
"name": "1017304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "macos-webkit-code-execution(30645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30645"
},
{
"name": "30726",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30726"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21335"
},
{
"name": "VU#848960",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/848960"
},
{
"name": "1017304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017304"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4412",
"datePublished": "2006-11-30T16:00:00.000Z",
"dateReserved": "2006-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:07.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5465 (GCVE-0-2006-5465)
Vulnerability from cvelistv5 – Published: 2006-11-04 00:00 – Updated: 2024-08-07 19:48
VLAI
EPSS
Summary
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
48 references
Date Public
2006-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22881"
},
{
"name": "1017152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017152"
},
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4749"
},
{
"name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"
},
{
"name": "RHSA-2006:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"
},
{
"name": "22759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22759"
},
{
"name": "24606",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24606"
},
{
"name": "ADV-2007-1546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1546"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "TLSA-2006-38",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name": "DSA-1206",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1206"
},
{
"name": "22693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22693"
},
{
"name": "23247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23247"
},
{
"name": "22653",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22653"
},
{
"name": "22688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22688"
},
{
"name": "2006-0061",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0061/"
},
{
"name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"
},
{
"name": "GLSA-200703-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
},
{
"name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"
},
{
"name": "22713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22713"
},
{
"name": "22685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22685"
},
{
"name": "ADV-2006-4317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_132006.138.html"
},
{
"name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.rpath.com/browse/RPL-761"
},
{
"name": "20061101-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name": "SUSE-SA:2006:067",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"
},
{
"name": "php-htmlentities-bo(29971)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "MDKSA-2006:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"
},
{
"name": "25047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25047"
},
{
"name": "1017296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017296"
},
{
"name": "22779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22779"
},
{
"name": "RHSA-2006:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"
},
{
"name": "20879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20879"
},
{
"name": "USN-375-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-375-1"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "OpenPKG-SA-2006.028",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"
},
{
"name": "22929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22929"
},
{
"name": "22753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"
},
{
"name": "oval:org.mitre.oval:def:10240",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"
},
{
"name": "23139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23139"
},
{
"name": "RHSA-2006:0736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_0.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "22881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22881"
},
{
"name": "1017152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017152"
},
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4749"
},
{
"name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"
},
{
"name": "RHSA-2006:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"
},
{
"name": "22759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22759"
},
{
"name": "24606",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24606"
},
{
"name": "ADV-2007-1546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1546"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "TLSA-2006-38",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name": "DSA-1206",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1206"
},
{
"name": "22693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22693"
},
{
"name": "23247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23247"
},
{
"name": "22653",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22653"
},
{
"name": "22688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22688"
},
{
"name": "2006-0061",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0061/"
},
{
"name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"
},
{
"name": "GLSA-200703-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
},
{
"name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"
},
{
"name": "22713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22713"
},
{
"name": "22685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22685"
},
{
"name": "ADV-2006-4317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_132006.138.html"
},
{
"name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.rpath.com/browse/RPL-761"
},
{
"name": "20061101-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name": "SUSE-SA:2006:067",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"
},
{
"name": "php-htmlentities-bo(29971)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"name": "MDKSA-2006:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"
},
{
"name": "25047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25047"
},
{
"name": "1017296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017296"
},
{
"name": "22779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22779"
},
{
"name": "RHSA-2006:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"
},
{
"name": "20879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20879"
},
{
"name": "USN-375-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-375-1"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "OpenPKG-SA-2006.028",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"
},
{
"name": "22929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22929"
},
{
"name": "22753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"
},
{
"name": "oval:org.mitre.oval:def:10240",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"
},
{
"name": "23139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23139"
},
{
"name": "RHSA-2006:0736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_0.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22881"
},
{
"name": "1017152",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017152"
},
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4749"
},
{
"name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"
},
{
"name": "RHSA-2006:0731",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"
},
{
"name": "22759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22759"
},
{
"name": "24606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24606"
},
{
"name": "ADV-2007-1546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1546"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "TLSA-2006-38",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"
},
{
"name": "DSA-1206",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1206"
},
{
"name": "22693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22693"
},
{
"name": "23247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23247"
},
{
"name": "22653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22653"
},
{
"name": "22688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22688"
},
{
"name": "2006-0061",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0061/"
},
{
"name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"
},
{
"name": "GLSA-200703-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
},
{
"name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"
},
{
"name": "22713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22713"
},
{
"name": "22685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22685"
},
{
"name": "ADV-2006-4317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4317"
},
{
"name": "http://www.hardened-php.net/advisory_132006.138.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_132006.138.html"
},
{
"name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"
},
{
"name": "http://issues.rpath.com/browse/RPL-761",
"refsource": "CONFIRM",
"url": "http://issues.rpath.com/browse/RPL-761"
},
{
"name": "20061101-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
},
{
"name": "SUSE-SA:2006:067",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"
},
{
"name": "php-htmlentities-bo(29971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "MDKSA-2006:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"
},
{
"name": "25047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25047"
},
{
"name": "1017296",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017296"
},
{
"name": "22779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22779"
},
{
"name": "RHSA-2006:0730",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"
},
{
"name": "20879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20879"
},
{
"name": "USN-375-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-375-1"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "OpenPKG-SA-2006.028",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"
},
{
"name": "22929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22929"
},
{
"name": "22753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22753"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"
},
{
"name": "oval:org.mitre.oval:def:10240",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"
},
{
"name": "23139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23139"
},
{
"name": "RHSA-2006:0736",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"
},
{
"name": "http://www.php.net/releases/5_2_0.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_0.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5465",
"datePublished": "2006-11-04T00:00:00.000Z",
"dateReserved": "2006-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:48:30.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…