Sign-up

ID

VAR-200606-0402


CVE

CVE-2006-1471


TITLE

Apple Mac OS X CF_syslog function Format string vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200606-527

DESCRIPTION

Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. Apple Mac OS X 'launchd' is prone to a local format-string vulnerability. A local attacker can exploit this issue through a malicious 'plist' file that includes externally supplied format specifiers that will be passed to the vulnerable code. A successful attack may crash the application or lead to arbitrary code execution. This issue was initially discussed in BID 18686 (Apple Mac OS X Multiple Security Vulnerabilities). The vulnerability exists specifically in the logging tool of launchd. ---------------------------------------------------------------------- Reverse Engineer Wanted Secunia offers a Security Specialist position with emphasis on reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. 1) An error in the AFP server within the handling of users' search results can be exploited by malicious users to gain knowledge of the names of files and folders for which the user performing the search has no access to. 2) A vulnerability within the Freshclam command line utility in ClamAV can potentially be exploited to compromise a vulnerable system. For more information: SA19880 3) A boundary error in ImageIO within the handling of TIFF images can be exploited to cause a stack-based buffer overflow. 5) An error within "slapd" of the OpenLDAP server when handling an anonymous bind operation can be exploited to crash the service via a malformed ldap-bind message. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.71

sources: NVD: CVE-2006-1471 // BID: 18724 // BID: 18686 // VULHUB: VHN-17579 // VULMON: CVE-2006-1471 // PACKETSTORM: 47895

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.6

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.6

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.6

vendor:applemodel:mac os serverscope:neversion:x10.4.7

Trust: 0.6

vendor:applemodel:mac osscope:neversion:x10.4.7

Trust: 0.6

sources: BID: 18724 // BID: 18686 // CNNVD: CNNVD-200606-527 // NVD: CVE-2006-1471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1471
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200606-527
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17579
value: MEDIUM

Trust: 0.1

VULMON: CVE-2006-1471
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1471
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-17579
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-17579 // VULMON: CVE-2006-1471 // CNNVD: CNNVD-200606-527 // NVD: CVE-2006-1471

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

sources: NVD: CVE-2006-1471

THREAT TYPE

local

Trust: 0.9

sources: BID: 18724 // CNNVD: CNNVD-200606-527

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200606-527

PATCH

title:Securelisturl:https://securelist.com/kaspersky-security-bulletin-2006-malware-for-unix-type-systems/36131/

Trust: 0.1

sources: VULMON: CVE-2006-1471

EXTERNAL IDS

db:NVDid:CVE-2006-1471

Trust: 2.4

db:BIDid:18724

Trust: 2.1

db:BIDid:18686

Trust: 2.1

db:SECUNIAid:20877

Trust: 1.9

db:OSVDBid:26933

Trust: 1.8

db:SECTRACKid:1016397

Trust: 1.7

db:VUPENid:ADV-2006-2566

Trust: 1.7

db:CNNVDid:CNNVD-200606-527

Trust: 0.7

db:XFid:27479

Trust: 0.6

db:APPLEid:APPLE-SA-2006-06-27

Trust: 0.6

db:BUGTRAQid:20060629 DMA[2006-0628A] - 'APPLE OSX LAUNCHD UNFORMATTED SYSLOG() VULNERABILITY'

Trust: 0.6

db:VULHUBid:VHN-17579

Trust: 0.1

db:VUPENid:2006/2566

Trust: 0.1

db:VULMONid:CVE-2006-1471

Trust: 0.1

db:PACKETSTORMid:47895

Trust: 0.1

sources: VULHUB: VHN-17579 // VULMON: CVE-2006-1471 // BID: 18724 // BID: 18686 // PACKETSTORM: 47895 // CNNVD: CNNVD-200606-527 // NVD: CVE-2006-1471

REFERENCES

url:http://www.securityfocus.com/bid/18724

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2006/jun/msg00000.html

Trust: 1.8

url:http://www.securityfocus.com/bid/18686

Trust: 1.8

url:http://www.osvdb.org/26933

Trust: 1.8

url:http://securitytracker.com/id?1016397

Trust: 1.8

url:http://secunia.com/advisories/20877

Trust: 1.8

url:http://www.securityfocus.com/archive/1/438699/100/0/threaded

Trust: 1.2

url:http://www.vupen.com/english/advisories/2006/2566

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27479

Trust: 1.2

url:http://www.apple.com/support/downloads/

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/438699/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/2566

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/27479

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/134.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://securelist.com/kaspersky-security-bulletin-2006-malware-for-unix-type-systems/36131/

Trust: 0.1

url:http://labs.musecurity.com/advisories/mu-200606-02.txt

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/19880/

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxupdate1047intel.html

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/advisories/20877/

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=303973

Trust: 0.1

url:http://www.digitalmunition.com/dma%5b2006-0628a%5d.txt

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxserverupdate1047.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxupdate1047ppc.html

Trust: 0.1

sources: VULHUB: VHN-17579 // VULMON: CVE-2006-1471 // BID: 18724 // BID: 18686 // PACKETSTORM: 47895 // CNNVD: CNNVD-200606-527 // NVD: CVE-2006-1471

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200606-527

SOURCES

db:VULHUBid:VHN-17579
db:VULMONid:CVE-2006-1471
db:BIDid:18724
db:BIDid:18686
db:PACKETSTORMid:47895
db:CNNVDid:CNNVD-200606-527
db:NVDid:CVE-2006-1471

LAST UPDATE DATE

2024-08-14T12:41:50.755000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-17579date:2018-10-18T00:00:00
db:VULMONid:CVE-2006-1471date:2018-10-18T00:00:00
db:BIDid:18724date:2006-07-04T19:04:00
db:BIDid:18686date:2006-06-30T15:44:00
db:CNNVDid:CNNVD-200606-527date:2006-07-03T00:00:00
db:NVDid:CVE-2006-1471date:2018-10-18T16:32:42.373

SOURCES RELEASE DATE

db:VULHUBid:VHN-17579date:2006-06-27T00:00:00
db:VULMONid:CVE-2006-1471date:2006-06-27T00:00:00
db:BIDid:18724date:2006-06-29T00:00:00
db:BIDid:18686date:2006-06-27T00:00:00
db:PACKETSTORMid:47895date:2006-06-29T18:48:34
db:CNNVDid:CNNVD-200606-527date:2006-06-27T00:00:00
db:NVDid:CVE-2006-1471date:2006-06-27T22:13:00