ID

VAR-200603-0283


CVE

CVE-2006-0398


TITLE

Apple Safari automatically executes arbitrary shell commands or code

Trust: 0.8

sources: CERT/CC: VU#999708

DESCRIPTION

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. There is an issue in Safari's handling of automatic opening of downloaded files. Due to this default configuration and inconsistencies in Safari and OS X's security files, Safari may execute arbitrary shell commands if a specially crafted page is viewed. TITLE: Mac OS X "__MACOSX" ZIP Archive Shell Script Execution SECUNIA ADVISORY ID: SA18963 VERIFY ADVISORY: http://secunia.com/advisories/18963/ CRITICAL: Extremely critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive. This can also be exploited automatically via the Safari browser when visiting a malicious web site. Secunia has constructed a test, which can be used to check if your system is affected by this issue: http://secunia.com/mac_os_x_command_execution_vulnerability_test/ The vulnerability has been confirmed on a fully patched system with Safari 2.0.3 (417.8) and Mac OS X 10.4.5. SOLUTION: The vulnerability can be mitigated by disabling the "Open safe files after downloading" option in Safari. Do not open files in ZIP archives originating from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Michael Lehn ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0398 // CERT/CC: VU#999708 // BID: 16736 // VULHUB: VHN-16506 // PACKETSTORM: 44037

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.3

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

sources: CERT/CC: VU#999708 // BID: 16736 // CNNVD: CNNVD-200603-248 // NVD: CVE-2006-0398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0398
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#999708
value: 35.44

Trust: 0.8

CNNVD: CNNVD-200603-248
value: HIGH

Trust: 0.6

VULHUB: VHN-16506
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0398
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16506
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#999708 // VULHUB: VHN-16506 // CNNVD: CNNVD-200603-248 // NVD: CVE-2006-0398

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.1

sources: VULHUB: VHN-16506 // NVD: CVE-2006-0398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-248

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200603-248

EXTERNAL IDS

db:NVDid:CVE-2006-0398

Trust: 2.8

db:SECUNIAid:19129

Trust: 1.7

db:OSVDBid:23870

Trust: 1.7

db:VUPENid:ADV-2006-0949

Trust: 1.7

db:SECTRACKid:1015760

Trust: 1.7

db:BIDid:16736

Trust: 1.1

db:SECUNIAid:18963

Trust: 0.9

db:XFid:24808

Trust: 0.8

db:SECTRACKid:1015652

Trust: 0.8

db:CERT/CCid:VU#999708

Trust: 0.8

db:CNNVDid:CNNVD-200603-248

Trust: 0.7

db:APPLEid:APPLE-SA-2006-03-13

Trust: 0.6

db:XFid:25269

Trust: 0.6

db:VULHUBid:VHN-16506

Trust: 0.1

db:PACKETSTORMid:44037

Trust: 0.1

sources: CERT/CC: VU#999708 // VULHUB: VHN-16506 // BID: 16736 // PACKETSTORM: 44037 // CNNVD: CNNVD-200603-248 // NVD: CVE-2006-0398

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=303453

Trust: 2.8

url:http://lists.apple.com/archives/security-announce/2006/mar/msg00001.html

Trust: 1.7

url:http://www.osvdb.org/23870

Trust: 1.7

url:http://securitytracker.com/id?1015760

Trust: 1.7

url:http://secunia.com/advisories/19129

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0949

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25269

Trust: 1.1

url:http://secunia.com/advisories/18963/

Trust: 0.9

url:http://docs.info.apple.com/article.html?artnum=303382

Trust: 0.8

url:http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html

Trust: 0.8

url:http://www.heise.de/english/newsticker/news/69862

Trust: 0.8

url:http://developer.apple.com/documentation/carbon/conceptual/launchservicesconcepts/lscconcepts/chapter_2_section_8.html

Trust: 0.8

url:http://developer.apple.com/technotes/tn/tn2017.html

Trust: 0.8

url:http://developer.apple.com/documentation/mac/moretoolbox/moretoolbox-11.html

Trust: 0.8

url:http://docs.info.apple.com/article.html?artnum=108009

Trust: 0.8

url:http://www.securityfocus.com/bid/16736

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/24808

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0397

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0398

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0399

Trust: 0.8

url:http://securitytracker.com/alerts/2006/feb/1015652.html

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0949

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/25269

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/mac_os_x_command_execution_vulnerability_test/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#999708 // VULHUB: VHN-16506 // BID: 16736 // PACKETSTORM: 44037 // CNNVD: CNNVD-200603-248 // NVD: CVE-2006-0398

CREDITS

Michael Lehn

Trust: 0.6

sources: CNNVD: CNNVD-200603-248

SOURCES

db:CERT/CCid:VU#999708
db:VULHUBid:VHN-16506
db:BIDid:16736
db:PACKETSTORMid:44037
db:CNNVDid:CNNVD-200603-248
db:NVDid:CVE-2006-0398

LAST UPDATE DATE

2024-12-25T21:15:57.050000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#999708date:2006-12-07T00:00:00
db:VULHUBid:VHN-16506date:2017-07-20T00:00:00
db:BIDid:16736date:2016-07-06T14:40:00
db:CNNVDid:CNNVD-200603-248date:2006-03-15T00:00:00
db:NVDid:CVE-2006-0398date:2024-11-21T00:06:22.177

SOURCES RELEASE DATE

db:CERT/CCid:VU#999708date:2006-02-21T00:00:00
db:VULHUBid:VHN-16506date:2006-03-14T00:00:00
db:BIDid:16736date:2006-02-21T00:00:00
db:PACKETSTORMid:44037date:2006-02-21T20:14:58
db:CNNVDid:CNNVD-200603-248date:2006-02-21T00:00:00
db:NVDid:CVE-2006-0398date:2006-03-14T11:02:00