Details of VAR-200606-0399

ID

VAR-200606-0399

CVE

CVE-2006-1468

TITLE

Apple Mac OS X AFP service Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200606-546

DESCRIPTION

Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. Mac OS X is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly secure potentially sensitive information. An attacker can exploit this issue to retrieve potentially sensitive information that may aid in further attacks. This issue was initially discussed in BID 18686 (Apple Mac OS X Multiple Security Vulnerabilities), which has been split into individual BIDs to discuss each issue separately. ---------------------------------------------------------------------- Reverse Engineer Wanted Secunia offers a Security Specialist position with emphasis on reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. 2) A vulnerability within the Freshclam command line utility in ClamAV can potentially be exploited to compromise a vulnerable system. For more information: SA19880 3) A boundary error in ImageIO within the handling of TIFF images can be exploited to cause a stack-based buffer overflow. This crashes an affected application and may allow arbitrary code execution when a specially crafted TIFF image is viewed. 4) A format string error within the logging functionality of the setuid program "launchd" can be exploited by local users to execute arbitrary code with system privileges. 5) An error within "slapd" of the OpenLDAP server when handling an anonymous bind operation can be exploited to crash the service via a malformed ldap-bind message. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.62

sources: NVD: CVE-2006-1468 // BID: 18733 // BID: 18686 // VULHUB: VHN-17576 // PACKETSTORM: 47895

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.6	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.3	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.4.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.4.7	Trust: 0.6

sources: BID: 18733 // BID: 18686 // CNNVD: CNNVD-200606-546 // NVD: CVE-2006-1468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1468
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200606-546
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-17576
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-1468
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-17576
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-17576 // CNNVD: CNNVD-200606-546 // NVD: CVE-2006-1468

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-1468

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-546

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200606-546

EXTERNAL IDS

db:	NVD	id:	CVE-2006-1468	Trust: 2.3
db:	BID	id:	18686	Trust: 2.0
db:	BID	id:	18733	Trust: 2.0
db:	SECUNIA	id:	20877	Trust: 1.8
db:	SECTRACK	id:	1016395	Trust: 1.7
db:	OSVDB	id:	26930	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2566	Trust: 1.7
db:	CNNVD	id:	CNNVD-200606-546	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2006-06-27	Trust: 0.6
db:	XF	id:	27477	Trust: 0.6
db:	VULHUB	id:	VHN-17576	Trust: 0.1
db:	PACKETSTORM	id:	47895	Trust: 0.1

sources: VULHUB: VHN-17576 // BID: 18733 // BID: 18686 // PACKETSTORM: 47895 // CNNVD: CNNVD-200606-546 // NVD: CVE-2006-1468

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2006/jun/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/18686	Trust: 1.7
url:	http://www.securityfocus.com/bid/18733	Trust: 1.7
url:	http://www.osvdb.org/26930	Trust: 1.7
url:	http://securitytracker.com/id?1016395	Trust: 1.7
url:	http://secunia.com/advisories/20877	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/2566	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27477	Trust: 1.1
url:	http://www.apple.com/support/downloads/	Trust: 0.6
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/2566	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/27477	Trust: 0.6
url:	http://labs.musecurity.com/advisories/mu-200606-02.txt	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19880/	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosxupdate1047intel.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/advisories/20877/	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=303973	Trust: 0.1
url:	http://www.digitalmunition.com/dma%5b2006-0628a%5d.txt	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosxserverupdate1047.html	Trust: 0.1
url:	http://www.apple.com/support/downloads/macosxupdate1047ppc.html	Trust: 0.1

sources: VULHUB: VHN-17576 // BID: 18733 // BID: 18686 // PACKETSTORM: 47895 // CNNVD: CNNVD-200606-546 // NVD: CVE-2006-1468

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200606-546

SOURCES

db:	VULHUB	id:	VHN-17576
db:	BID	id:	18733
db:	BID	id:	18686
db:	PACKETSTORM	id:	47895
db:	CNNVD	id:	CNNVD-200606-546
db:	NVD	id:	CVE-2006-1468

LAST UPDATE DATE

2024-08-14T12:40:11.868000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-17576	date:	2017-07-20T00:00:00
db:	BID	id:	18733	date:	2006-06-29T23:09:00
db:	BID	id:	18686	date:	2006-06-30T15:44:00
db:	CNNVD	id:	CNNVD-200606-546	date:	2006-07-03T00:00:00
db:	NVD	id:	CVE-2006-1468	date:	2017-07-20T01:30:37.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-17576	date:	2006-06-27T00:00:00
db:	BID	id:	18733	date:	2006-06-27T00:00:00
db:	BID	id:	18686	date:	2006-06-27T00:00:00
db:	PACKETSTORM	id:	47895	date:	2006-06-29T18:48:34
db:	CNNVD	id:	CNNVD-200606-546	date:	2006-06-27T00:00:00
db:	NVD	id:	CVE-2006-1468	date:	2006-06-27T21:05:00