Details of VAR-200605-0197

ID

VAR-200605-0197

CVE

CVE-2006-1466

TITLE

Apple Xcode Tools WebObjects Permissions and Access Control Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200605-426

DESCRIPTION

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. Xcode Tools is prone to an unauthorized remote access vulnerability through the WebObjects plug-in. A remote attacker can exploit this issue to manipulate projects through the network service. This issue affects only those systems with the Xcode Tools WebObjects plug-in installed. TITLE: Apple Xcode WebObjects Plugin Access Control Vulnerability SECUNIA ADVISORY ID: SA20267 VERIFY ADVISORY: http://secunia.com/advisories/20267/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/ DESCRIPTION: A vulnerability has been reported in Apple Xcode, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability has been reported in versions prior to 2.3. SOLUTION: Update to version 2.3. http://developer.apple.com/tools/download/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Mike Schrag of mDimension Technology. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303794 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-1466 // BID: 18091 // VULHUB: VHN-17574 // PACKETSTORM: 46649

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4	Trust: 1.6
vendor:	apple	model:	xcode	scope:	lte	version:	2.2	Trust: 1.0
vendor:	apple	model:	xcode	scope:	eq	version:	2.2	Trust: 0.9
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	xcode	scope:	ne	version:	2.3	Trust: 0.3

sources: BID: 18091 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1466
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200605-426
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-17574
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-1466
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-17574
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-17574 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1466

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-426

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200605-426

EXTERNAL IDS

db:	NVD	id:	CVE-2006-1466	Trust: 2.0
db:	BID	id:	18091	Trust: 2.0
db:	SECUNIA	id:	20267	Trust: 1.8
db:	VUPEN	id:	ADV-2006-1950	Trust: 1.7
db:	OSVDB	id:	25889	Trust: 1.7
db:	SECTRACK	id:	1016143	Trust: 1.7
db:	CNNVD	id:	CNNVD-200605-426	Trust: 0.7
db:	XF	id:	26634	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2006-05-23	Trust: 0.6
db:	VULHUB	id:	VHN-17574	Trust: 0.1
db:	PACKETSTORM	id:	46649	Trust: 0.1

sources: VULHUB: VHN-17574 // BID: 18091 // PACKETSTORM: 46649 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2006/may/msg00004.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/18091	Trust: 1.7
url:	http://www.osvdb.org/25889	Trust: 1.7
url:	http://securitytracker.com/id?1016143	Trust: 1.7
url:	http://secunia.com/advisories/20267	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1950	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26634	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/26634	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1950	Trust: 0.6
url:	http://www.apple.com/support/downloads/	Trust: 0.3
url:	http://www.apple.com	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/10144/	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=303794	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/20267/	Trust: 0.1
url:	http://developer.apple.com/tools/download/	Trust: 0.1

sources: VULHUB: VHN-17574 // BID: 18091 // PACKETSTORM: 46649 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

CREDITS

Mike Schrag of mDimension Technology is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 18091 // CNNVD: CNNVD-200605-426

SOURCES

db:	VULHUB	id:	VHN-17574
db:	BID	id:	18091
db:	PACKETSTORM	id:	46649
db:	CNNVD	id:	CNNVD-200605-426
db:	NVD	id:	CVE-2006-1466

LAST UPDATE DATE

2024-08-14T15:04:37.111000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-17574	date:	2017-07-20T00:00:00
db:	BID	id:	18091	date:	2006-05-24T17:23:00
db:	CNNVD	id:	CNNVD-200605-426	date:	2006-05-24T00:00:00
db:	NVD	id:	CVE-2006-1466	date:	2017-07-20T01:30:37.473

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-17574	date:	2006-05-24T00:00:00
db:	BID	id:	18091	date:	2006-05-23T00:00:00
db:	PACKETSTORM	id:	46649	date:	2006-05-26T01:12:24
db:	CNNVD	id:	CNNVD-200605-426	date:	2006-05-23T00:00:00
db:	NVD	id:	CVE-2006-1466	date:	2006-05-24T01:02:00