Sign-up

ID

VAR-200603-0444


CVE

CVE-2006-1220


TITLE

Apple Mac OS X Kernel MACH_MSG_SEND Local Heap Overflow Vulnerability

Trust: 0.9

sources: BID: 17056 // CNNVD: CNNVD-200603-230

DESCRIPTION

Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. Apple Mac OS X kernel is prone to a local heap-overflow vulnerability. Specifically, the vulnerability affects the 'mach_msg_send()' function of the kernel. A successful attack may result in a complete compromise. Failed exploit attempts will most likely result in a denial-of-service condition. All versions of the operating system are considered be vulnerable. A local attacker could exploit this vulnerability to gain complete control

Trust: 1.26

sources: NVD: CVE-2006-1220 // BID: 17056 // VULHUB: VHN-17328

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.1.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.1.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.1.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.9

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.9

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.8

Trust: 1.0

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

sources: BID: 17056 // CNNVD: CNNVD-200603-230 // NVD: CVE-2006-1220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1220
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200603-230
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17328
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1220
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17328
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-17328 // CNNVD: CNNVD-200603-230 // NVD: CVE-2006-1220

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1220

THREAT TYPE

local

Trust: 0.9

sources: BID: 17056 // CNNVD: CNNVD-200603-230

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200603-230

EXTERNAL IDS

db:BIDid:17056

Trust: 2.0

db:OSVDBid:28453

Trust: 1.7

db:NVDid:CVE-2006-1220

Trust: 1.7

db:CNNVDid:CNNVD-200603-230

Trust: 0.7

db:VULHUBid:VHN-17328

Trust: 0.1

sources: VULHUB: VHN-17328 // BID: 17056 // CNNVD: CNNVD-200603-230 // NVD: CVE-2006-1220

REFERENCES

url:http://www.felinemenace.org/~nemo/

Trust: 2.0

url:http://www.securityfocus.com/bid/17056

Trust: 1.7

url:http://www.osvdb.org/28453

Trust: 1.7

url:http://www.apple.com

Trust: 0.3

sources: VULHUB: VHN-17328 // BID: 17056 // CNNVD: CNNVD-200603-230 // NVD: CVE-2006-1220

CREDITS

nemo nemo@felinemenace.org

Trust: 0.6

sources: CNNVD: CNNVD-200603-230

SOURCES

db:VULHUBid:VHN-17328
db:BIDid:17056
db:CNNVDid:CNNVD-200603-230
db:NVDid:CVE-2006-1220

LAST UPDATE DATE

2024-08-14T13:39:52.171000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-17328date:2013-09-06T00:00:00
db:BIDid:17056date:2006-03-11T06:30:00
db:CNNVDid:CNNVD-200603-230date:2006-03-17T00:00:00
db:NVDid:CVE-2006-1220date:2013-09-06T04:53:05.953

SOURCES RELEASE DATE

db:VULHUBid:VHN-17328date:2006-03-14T00:00:00
db:BIDid:17056date:2006-03-09T00:00:00
db:CNNVDid:CNNVD-200603-230date:2006-03-13T00:00:00
db:NVDid:CVE-2006-1220date:2006-03-14T02:02:00