VAR-200611-0008

Vulnerability from variot - Updated: 2025-04-10 23:07

Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. Apple Remote Desktop is prone to an insecure-default-permissions vulnerability. Successfully exploiting this issue allows attackers to alter the contents of packages that may subsequently be installed on remote computers. This facilitates the complete compromise of remote computers controlled by the vulnerable Remote Desktop server computer.


To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

Successful exploitation may allow execution of arbitrary code with "root" privileges on client systems when installing or updating the software.

SOLUTION: Update to version 3.1.

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304824


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200611-0008",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "remote desktop",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "remote desktop",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "remote desktop",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "remote desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:apple_remote_desktop",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Mortensen of the University of Michigan reported this issue to the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-4413",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2006-4413",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-20521",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-4413",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-4413",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200611-292",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20521",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. Apple Remote Desktop is prone to an insecure-default-permissions vulnerability. \nSuccessfully exploiting this issue allows attackers to alter the contents of packages that may subsequently be installed on remote computers. This facilitates the complete compromise of remote computers controlled by the vulnerable Remote Desktop server computer. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nSuccessful exploitation may allow execution of arbitrary code with\n\"root\" privileges on client systems when installing or updating the\nsoftware. \n\nSOLUTION:\nUpdate to version 3.1. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=304824\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "db": "PACKETSTORM",
        "id": "52215"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4413",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "21139",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "22982",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1017241",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4567",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-11-16",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-20521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "db": "PACKETSTORM",
        "id": "52215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "id": "VAR-200611-0008",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20521"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:07:45.603000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2006-11-16",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00000.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/21139"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017241"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22982"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/4567"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4413"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4413"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/4567"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/remotedesktop/"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304824"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/appleremotedesktop31admin.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/appleremotedesktop31client.html"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/products/48/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12647/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22982/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "db": "PACKETSTORM",
        "id": "52215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "db": "PACKETSTORM",
        "id": "52215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "date": "2006-11-16T00:00:00",
        "db": "BID",
        "id": "21139"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "date": "2006-11-17T23:30:18",
        "db": "PACKETSTORM",
        "id": "52215"
      },
      {
        "date": "2006-11-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "date": "2006-11-18T01:07:00",
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20521"
      },
      {
        "date": "2006-11-21T19:05:00",
        "db": "BID",
        "id": "21139"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      },
      {
        "date": "2006-11-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2006-4413"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "21139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Remote Desktop Vulnerabilities that modify packages",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001157"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-292"
      }
    ],
    "trust": 0.6
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…