ID

VAR-200606-0400


CVE

CVE-2006-1469


TITLE

Apple Mac OS X vulnerable to stack-based buffer overflow via specially crafted TIFF file

Trust: 0.8

sources: CERT/CC: VU#988356

DESCRIPTION

Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.

Mac OS X is prone to a buffer-overflow vulnerability. This issue is due to a stack-based buffer overflow that results in a buffer being overrun with attacker-supplied data. This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying service to legitimate users. This issue was initially discussed in BID 18686 (Apple Mac OS X Multiple Security Vulnerabilities), which has been split into individual BIDs to discuss each issue separately.

1) An error in the AFP server within the handling of users' search results can be exploited by malicious users to gain knowledge of the names of files and folders to which the user performing the search has no access.

2) A vulnerability within the Freshclam command line utility in ClamAV can potentially be exploited to compromise a vulnerable system. For more information: SA19880

3) A boundary error in ImageIO within the handling of TIFF images can be exploited to cause a stack-based buffer overflow.

4) A format string error within the logging functionality of the setuid program "launchd" can be exploited by local users to execute arbitrary code with system privileges.

5) An error within "slapd" of the OpenLDAP server when handling an anonymous bind operation can be exploited to crash the service via a malformed ldap-bind message.

Trust: 2.34

sources: NVD: CVE-2006-1469 // CERT/CC: VU#988356 // BID: 18731 // BID: 18686 // VULHUB: VHN-17577 // PACKETSTORM: 47895

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.4.2

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.5

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.6

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.4

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.4.3

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.4.2

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.1

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.4.6

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.4.3

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.4.1

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.4.4

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.4.4

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.4.5

Trust: 1.0

vendor: apple computer // model: - // scope: - // version: -

Trust: 0.8

vendor: apple // model: mac os server // scope: eq // version: x10.4.6

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.4.5

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.4.4

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.4.3

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.4.2

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.4.1

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.4

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4.6

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4.5

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4.4

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4.3

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4.2

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4.1

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.4

Trust: 0.6

vendor: apple // model: mac os server // scope: ne // version: x10.4.7

Trust: 0.6

vendor: apple // model: mac os // scope: ne // version: x10.4.7

Trust: 0.6

sources: CERT/CC: VU#988356 // BID: 18731 // BID: 18686 // CNNVD: CNNVD-200606-548 // NVD: CVE-2006-1469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1469
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#988356
value: 1.34

Trust: 0.8

CNNVD: CNNVD-200606-548
value: HIGH

Trust: 0.6

VULHUB: VHN-17577
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-1469
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17577
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#988356 // VULHUB: VHN-17577 // CNNVD: CNNVD-200606-548 // NVD: CVE-2006-1469

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-17577 // NVD: CVE-2006-1469

THREAT TYPE

network

Trust: 0.6

sources: BID: 18731 // BID: 18686

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200606-548

EXTERNAL IDS

db: CERT/CC // id: VU#988356

Trust: 2.5

db: NVD // id: CVE-2006-1469

Trust: 2.3

db: BID // id: 18686

Trust: 2.0

db: BID // id: 18731

Trust: 2.0

db: SECUNIA // id: 20877

Trust: 1.8

db: SECTRACK // id: 1016394

Trust: 1.7

db: VUPEN // id: ADV-2006-2566

Trust: 1.7

db: OSVDB // id: 26931

Trust: 1.7

db: CNNVD // id: CNNVD-200606-548

Trust: 0.7

db: APPLE // id: APPLE-SA-2006-06-27

Trust: 0.6

db: XF // id: 27478

Trust: 0.6

db: VULHUB // id: VHN-17577

Trust: 0.1

db: PACKETSTORM // id: 47895

Trust: 0.1

sources: CERT/CC: VU#988356 // VULHUB: VHN-17577 // BID: 18731 // BID: 18686 // PACKETSTORM: 47895 // CNNVD: CNNVD-200606-548 // NVD: CVE-2006-1469

REFERENCES

url:http://lists.apple.com/archives/security-announce/2006/jun/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/18686

Trust: 1.7

url:http://www.securityfocus.com/bid/18731

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/988356

Trust: 1.7

url:http://www.osvdb.org/26931

Trust: 1.7

url:http://securitytracker.com/id?1016394

Trust: 1.7

url:http://secunia.com/advisories/20877

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/2566

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27478

Trust: 1.1

url:http://www.apple.com/support/downloads/

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/2566

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/27478

Trust: 0.6

url:http://labs.musecurity.com/advisories/mu-200606-02.txt

Trust: 0.1

url:http://secunia.com/advisories/19880/

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxupdate1047intel.html

Trust: 0.1

url:http://secunia.com/advisories/20877/

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=303973

Trust: 0.1

url:http://www.digitalmunition.com/dma%5b2006-0628a%5d.txt

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxserverupdate1047.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxupdate1047ppc.html

Trust: 0.1

sources: CERT/CC: VU#988356 // VULHUB: VHN-17577 // BID: 18731 // BID: 18686 // PACKETSTORM: 47895 // CNNVD: CNNVD-200606-548 // NVD: CVE-2006-1469

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200606-548

SOURCES

db: CERT/CC // id: VU#988356
db: VULHUB // id: VHN-17577
db: BID // id: 18731
db: BID // id: 18686
db: PACKETSTORM // id: 47895
db: CNNVD // id: CNNVD-200606-548
db: NVD // id: CVE-2006-1469

LAST UPDATE DATE

2024-08-14T13:17:40.343000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#988356 // date: 2006-06-30T00:00:00
db: VULHUB // id: VHN-17577 // date: 2017-07-20T00:00:00
db: BID // id: 18731 // date: 2006-06-30T00:59:00
db: BID // id: 18686 // date: 2006-06-30T15:44:00
db: CNNVD // id: CNNVD-200606-548 // date: 2006-07-06T00:00:00
db: NVD // id: CVE-2006-1469 // date: 2017-07-20T01:30:37.647

SOURCES RELEASE DATE

db: CERT/CC // id: VU#988356 // date: 2006-06-30T00:00:00
db: VULHUB // id: VHN-17577 // date: 2006-06-27T00:00:00
db: BID // id: 18731 // date: 2006-06-27T00:00:00
db: BID // id: 18686 // date: 2006-06-27T00:00:00
db: PACKETSTORM // id: 47895 // date: 2006-06-29T18:48:34
db: CNNVD // id: CNNVD-200606-548 // date: 2006-06-27T00:00:00
db: NVD // id: CVE-2006-1469 // date: 2006-06-27T22:13:00