ID

VAR-200510-0403


CVE

CVE-2006-1458


TITLE

Ruby safe-level security model bypass

Trust: 0.8

sources: CERT/CC: VU#160012

DESCRIPTION

Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple QuickTime has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
CVE-2006-1461: An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
CVE-2006-1462, CVE-2006-1463: An attacker can create a specially crafted H.264 movie to trigger an integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
CVE-2006-1464: An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
CVE-2006-1465: An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service.
CVE-2006-1453, CVE-2006-1454: QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics.
CVE-2006-2238: An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service.
National Cyber Alert System

Technical Cyber Security Alert TA06-132A

Apple Mac Products Affected by Multiple Vulnerabilities

Original release date: May 12, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Apple Mac OS X version 10.3.9 (Panther) and version 10.4.6 (Tiger)
* Apple Mac OS X Server version 10.3.9 and version 10.4.6
* Apple Safari web browser
* Apple Mail

Previous versions of Mac OS X may also be affected. Please see Apple Security Update 2006-003 for further information.

Impacts of other vulnerabilities include bypassing security restrictions and denial of service.

I. Further details are available in the individual Vulnerability Notes.

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes.

III. Solution

Install an update

Install Apple Security Update 2006-003. This and other updates are available via Apple Update.

Disable "Open 'safe' files after downloading"

For additional protection, disable the option to "Open 'safe' files after downloading," as specified in "Securing Your Web Browser."

Appendix A. References

* Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari>
* Apple Security Update 2006-003 - <http://docs.info.apple.com/article.html?artnum=303737>
* Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>

These vulnerabilities were reported in Apple Security Update 2006-003. Please see the Vulnerability Notes for individual reporter acknowledgements.

The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-132A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-132A Feedback VU#519473" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

Produced 2006 by US-CERT, a government organization.

Terms of use: <http://www.us-cert.gov/legal.html>

Revision History

May 12, 2006: Initial release

Trust: 3.51

sources: NVD: CVE-2006-1458 // CERT/CC: VU#160012 // CERT/CC: VU#289705 // JVNDB: JVNDB-2006-000965 // BID: 17953 // VULHUB: VHN-17566 // PACKETSTORM: 46436

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: eq, version: 7.0.4

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.0.3

Trust: 1.6

vendor: red hat, model: -, scope: -, version: -

Trust: 0.8

vendor: ruby, model: -, scope: -, version: -

Trust: 0.8

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: 7.1

Trust: 0.8

vendor: apple, model: quicktime player, scope: eq, version: 7.0.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.3

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.5.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.5.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6

Trust: 0.3

vendor: apple, model: quicktime player, scope: ne, version: 7.1

Trust: 0.3

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // BID: 17953 // JVNDB: JVNDB-2006-000965 // CNNVD: CNNVD-200510-060 // NVD: CVE-2006-1458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1458
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#160012
value: 2.57

Trust: 0.8

CARNEGIE MELLON: VU#289705
value: 17.71

Trust: 0.8

NVD: CVE-2006-1458
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200510-060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17566
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1458
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-17566
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // VULHUB: VHN-17566 // JVNDB: JVNDB-2006-000965 // CNNVD: CNNVD-200510-060 // NVD: CVE-2006-1458

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.1

sources: VULHUB: VHN-17566 // NVD: CVE-2006-1458

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 46436 // CNNVD: CNNVD-200510-060

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200510-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000965

PATCH

title: TA24130, url: http://support.apple.com/kb/TA24130

Trust: 0.8

title: TA24130, url: http://support.apple.com/kb/TA24130?viewlocale=ja_JP

Trust: 0.8

title: TA06-132B, url: http://software.fujitsu.com/jp/security/vulnerabilities/ta06-132b.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-000965

EXTERNAL IDS

db: NVD, id: CVE-2006-1458

Trust: 2.8

db: CERT/CC, id: VU#289705

Trust: 2.7

db: BID, id: 17953

Trust: 2.2

db: SECUNIA, id: 20069

Trust: 1.9

db: USCERT, id: TA06-132B

Trust: 1.9

db: SECTRACK, id: 1016067

Trust: 1.9

db: SECUNIA, id: 16904

Trust: 1.4

db: CERT/CC, id: VU#160012

Trust: 1.4

db: VUPEN, id: ADV-2006-1778

Trust: 1.1

db: XF, id: 26391

Trust: 0.8

db: JVNDB, id: JVNDB-2006-000965

Trust: 0.8

db: CNNVD, id: CNNVD-200510-060

Trust: 0.7

db: USCERT, id: TA06-132A

Trust: 0.7

db: SECUNIA, id: 17094

Trust: 0.6

db: SECUNIA, id: 17147

Trust: 0.6

db: SECUNIA, id: 17129

Trust: 0.6

db: SECUNIA, id: 20077

Trust: 0.6

db: SECUNIA, id: 17098

Trust: 0.6

db: SECUNIA, id: 19130

Trust: 0.6

db: SECUNIA, id: 17285

Trust: 0.6

db: DEBIAN, id: DSA-860

Trust: 0.6

db: DEBIAN, id: DSA-862

Trust: 0.6

db: DEBIAN, id: DSA-864

Trust: 0.6

db: APPLE, id: APPLE-SA-2006-05-11

Trust: 0.6

db: SECTRACK, id: 1014948

Trust: 0.6

db: SUSE, id: SUSE-SR:2006:005

Trust: 0.6

db: BID, id: 17951

Trust: 0.6

db: BID, id: 14909

Trust: 0.6

db: XF, id: 22360

Trust: 0.6

db: GENTOO, id: GLSA-200510-05

Trust: 0.6

db: SREASON, id: 59

Trust: 0.6

db: CERT/CC, id: TA06-132A

Trust: 0.6

db: VUPEN, id: ADV-2006-1779

Trust: 0.6

db: MANDRIVA, id: MDKSA-2005:191

Trust: 0.6

db: UBUNTU, id: USN-195-1

Trust: 0.6

db: REDHAT, id: RHSA-2005:799

Trust: 0.6

db: VULHUB, id: VHN-17566

Trust: 0.1

db: PACKETSTORM, id: 46436

Trust: 0.1

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // VULHUB: VHN-17566 // BID: 17953 // JVNDB: JVNDB-2006-000965 // PACKETSTORM: 46436 // CNNVD: CNNVD-200510-060 // NVD: CVE-2006-1458

REFERENCES

url:http://www.securityfocus.com/bid/17953

Trust: 1.9

url:http://www.us-cert.gov/cas/techalerts/ta06-132b.html

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/289705

Trust: 1.9

url:http://securitytracker.com/id?1016067

Trust: 1.9

url:http://secunia.com/advisories/20069

Trust: 1.9

url:http://www.ruby-lang.org/en/20051003.html

Trust: 1.4

url:http://jvn.jp/jp/jvn%2362914675/index.html

Trust: 1.4

url:http://lists.apple.com/archives/security-announce/2006/may/msg00002.html

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/1778

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26391

Trust: 1.1

url:http://secunia.com/advisories/16904/

Trust: 0.8

url:http://www.rubycentral.com/book/taint.html

Trust: 0.8

url:http://www.apple.com/support/downloads/quicktime71.html

Trust: 0.8

url:http://docs.info.apple.com/article.html?artnum=303752

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1458

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/1778

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/26391

Trust: 0.8

url:http://jvn.jp/cert/jvnta06-132b/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1458

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta06-132a.html

Trust: 0.6

url:http://www.kb.cert.org/vuls/id/160012

Trust: 0.6

url:http://secunia.com/advisories/16904

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/22360

Trust: 0.6

url:http://www.ubuntu.com/usn/usn-195-1

Trust: 0.6

url:http://www.securitytracker.com/alerts/2005/sep/1014948.html

Trust: 0.6

url:http://www.securityfocus.com/bid/17951

Trust: 0.6

url:http://www.securityfocus.com/bid/14909

Trust: 0.6

url:http://www.redhat.com/support/errata/rhsa-2005-799.html

Trust: 0.6

url:http://www.novell.com/linux/security/advisories/2006_05_sr.html

Trust: 0.6

url:http://www.mandriva.com/security/advisories?name=mdksa-2005:191

Trust: 0.6

url:http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1779

Trust: 0.6

url:http://www.debian.org/security/2005/dsa-864

Trust: 0.6

url:http://www.debian.org/security/2005/dsa-862

Trust: 0.6

url:http://www.debian.org/security/2005/dsa-860

Trust: 0.6

url:http://secunia.com/advisories/20077

Trust: 0.6

url:http://secunia.com/advisories/19130

Trust: 0.6

url:http://secunia.com/advisories/17285

Trust: 0.6

url:http://secunia.com/advisories/17147

Trust: 0.6

url:http://secunia.com/advisories/17129

Trust: 0.6

url:http://secunia.com/advisories/17098

Trust: 0.6

url:http://secunia.com/advisories/17094

Trust: 0.6

url:http://lists.apple.com/archives/security-announce/2006/may/msg00003.html

Trust: 0.6

url:http://securityreason.com/securityalert/59

Trust: 0.6

url:http://docs.info.apple.com/article.html?artnum=303752

Trust: 0.3

url:http://www.apple.com/quicktime/

Trust: 0.3

url:/archive/1/433850

Trust: 0.3

url:/archive/1/433810

Trust: 0.3

url:/archive/1/433828

Trust: 0.3

url:http://www.us-cert.gov/cas/signup.html

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=303737

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta06-132a.html

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/#safari

Trust: 0.1

url:http://www.us-cert.gov/legal.html

Trust: 0.1

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // VULHUB: VHN-17566 // BID: 17953 // JVNDB: JVNDB-2006-000965 // PACKETSTORM: 46436 // CNNVD: CNNVD-200510-060 // NVD: CVE-2006-1458

CREDITS

Mike Price; ATmaCA atmaca@atmacasoft.com; http://www.zerodayinitiative.com/; Sowhat smaillist@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200510-060

SOURCES

db: CERT/CC, id: VU#160012
db: CERT/CC, id: VU#289705
db: VULHUB, id: VHN-17566
db: BID, id: 17953
db: JVNDB, id: JVNDB-2006-000965
db: PACKETSTORM, id: 46436
db: CNNVD, id: CNNVD-200510-060
db: NVD, id: CVE-2006-1458

LAST UPDATE DATE

2024-09-19T21:28:03.391000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#160012, date: 2005-12-16T00:00:00
db: CERT/CC, id: VU#289705, date: 2006-05-17T00:00:00
db: VULHUB, id: VHN-17566, date: 2017-07-20T00:00:00
db: BID, id: 17953, date: 2006-05-15T22:29:00
db: JVNDB, id: JVNDB-2006-000965, date: 2009-04-03T00:00:00
db: CNNVD, id: CNNVD-200510-060, date: 2007-01-03T00:00:00
db: NVD, id: CVE-2006-1458, date: 2017-07-20T01:30:36.957

SOURCES RELEASE DATE

db: CERT/CC, id: VU#160012, date: 2005-10-05T00:00:00
db: CERT/CC, id: VU#289705, date: 2006-05-12T00:00:00
db: VULHUB, id: VHN-17566, date: 2006-05-12T00:00:00
db: BID, id: 17953, date: 2006-05-11T00:00:00
db: JVNDB, id: JVNDB-2006-000965, date: 2009-04-03T00:00:00
db: PACKETSTORM, id: 46436, date: 2006-05-22T03:14:36
db: CNNVD, id: CNNVD-200510-060, date: 2005-10-07T00:00:00
db: NVD, id: CVE-2006-1458, date: 2006-05-12T20:06:00