ID

VAR-200608-0030


CVE

CVE-2006-3497


TITLE

Apple Mac OS X AFP server may disclose file and folder information in search results

Trust: 0.8

sources: CERT/CC: VU#708340

DESCRIPTION

Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive. These issue affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. The latest Mac OS X update fixes multiple vulnerabilities, as follows: Bom's compacted state handling could lead to heap corruption

Trust: 7.02

sources: NVD: CVE-2006-3497 // CERT/CC: VU#708340 // CERT/CC: VU#776628 // CERT/CC: VU#514740 // CERT/CC: VU#566132 // CERT/CC: VU#651844 // CERT/CC: VU#605908 // CERT/CC: VU#172244 // JVNDB: JVNDB-2006-001012 // BID: 19289 // VULHUB: VHN-19605

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 4.8

vendor:applemodel:mac os x serverscope:eqversion:10.4.7

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.9

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3.9

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3.9 and 10.4.7

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.03

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

sources: CERT/CC: VU#708340 // CERT/CC: VU#514740 // CERT/CC: VU#566132 // CERT/CC: VU#651844 // CERT/CC: VU#605908 // CERT/CC: VU#172244 // BID: 19289 // JVNDB: JVNDB-2006-001012 // CNNVD: CNNVD-200608-047 // NVD: CVE-2006-3497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3497
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#776628
value: 0.13

Trust: 0.8

CARNEGIE MELLON: VU#514740
value: 0.48

Trust: 0.8

CARNEGIE MELLON: VU#566132
value: 1.64

Trust: 0.8

CARNEGIE MELLON: VU#651844
value: 7.43

Trust: 0.8

CARNEGIE MELLON: VU#605908
value: 8.78

Trust: 0.8

CARNEGIE MELLON: VU#172244
value: 7.43

Trust: 0.8

NVD: CVE-2006-3497
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200608-047
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19605
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3497
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19605
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#776628 // CERT/CC: VU#514740 // CERT/CC: VU#566132 // CERT/CC: VU#651844 // CERT/CC: VU#605908 // CERT/CC: VU#172244 // VULHUB: VHN-19605 // JVNDB: JVNDB-2006-001012 // CNNVD: CNNVD-200608-047 // NVD: CVE-2006-3497

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-3497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200608-047

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200608-047

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001012

PATCH

title:APPLE-SA-2006-08-01url:http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-001012

EXTERNAL IDS

db:SECUNIAid:21253

Trust: 6.5

db:CERT/CCid:VU#514740

Trust: 3.6

db:NVDid:CVE-2006-3497

Trust: 2.8

db:USCERTid:TA06-214A

Trust: 2.5

db:BIDid:19289

Trust: 2.0

db:VUPENid:ADV-2006-3101

Trust: 1.7

db:OSVDBid:27735

Trust: 1.7

db:CERT/CCid:VU#708340

Trust: 1.1

db:CERT/CCid:VU#776628

Trust: 1.1

db:CERT/CCid:VU#566132

Trust: 1.1

db:CERT/CCid:VU#651844

Trust: 1.1

db:CERT/CCid:VU#605908

Trust: 1.1

db:CERT/CCid:VU#172244

Trust: 1.1

db:JVNDBid:JVNDB-2006-001012

Trust: 0.8

db:CNNVDid:CNNVD-200608-047

Trust: 0.7

db:CERT/CCid:TA06-214A

Trust: 0.6

db:APPLEid:APPLE-SA-2006-08-01

Trust: 0.6

db:VULHUBid:VHN-19605

Trust: 0.1

sources: CERT/CC: VU#708340 // CERT/CC: VU#776628 // CERT/CC: VU#514740 // CERT/CC: VU#566132 // CERT/CC: VU#651844 // CERT/CC: VU#605908 // CERT/CC: VU#172244 // VULHUB: VHN-19605 // BID: 19289 // JVNDB: JVNDB-2006-001012 // CNNVD: CNNVD-200608-047 // NVD: CVE-2006-3497

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=304063

Trust: 4.8

url:http://secunia.com/advisories/21253/

Trust: 4.8

url:http://www.kb.cert.org/vuls/id/514740

Trust: 2.8

url:http://www.us-cert.gov/cas/techalerts/ta06-214a.html

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2006//aug/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/19289

Trust: 1.7

url:http://www.osvdb.org/27735

Trust: 1.7

url:http://secunia.com/advisories/21253

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/3101

Trust: 1.1

url:http://manuals.info.apple.com/en/macosxsrvr10.3_systemimageadmin.pdf

Trust: 0.8

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3497

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3497

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/3101

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/172244

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/566132

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/605908

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/651844

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/776628

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/708340

Trust: 0.3

sources: CERT/CC: VU#708340 // CERT/CC: VU#776628 // CERT/CC: VU#514740 // CERT/CC: VU#566132 // CERT/CC: VU#651844 // CERT/CC: VU#605908 // CERT/CC: VU#172244 // VULHUB: VHN-19605 // BID: 19289 // JVNDB: JVNDB-2006-001012 // CNNVD: CNNVD-200608-047 // NVD: CVE-2006-3497

CREDITS

Dino Dai Zovi ddaizovi@atstake.com Tom Ferris tommy@security-protocols.com Neil ArchibaldRob MiddletonGael DelalleauJesse Ruderman jruderman@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200608-047

SOURCES

db:CERT/CCid:VU#708340
db:CERT/CCid:VU#776628
db:CERT/CCid:VU#514740
db:CERT/CCid:VU#566132
db:CERT/CCid:VU#651844
db:CERT/CCid:VU#605908
db:CERT/CCid:VU#172244
db:VULHUBid:VHN-19605
db:BIDid:19289
db:JVNDBid:JVNDB-2006-001012
db:CNNVDid:CNNVD-200608-047
db:NVDid:CVE-2006-3497

LAST UPDATE DATE

2024-11-22T20:17:30.773000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#708340date:2007-01-29T00:00:00
db:CERT/CCid:VU#776628date:2006-08-03T00:00:00
db:CERT/CCid:VU#514740date:2006-08-02T00:00:00
db:CERT/CCid:VU#566132date:2006-08-02T00:00:00
db:CERT/CCid:VU#651844date:2006-08-14T00:00:00
db:CERT/CCid:VU#605908date:2006-08-14T00:00:00
db:CERT/CCid:VU#172244date:2006-08-14T00:00:00
db:VULHUBid:VHN-19605date:2011-04-07T00:00:00
db:BIDid:19289date:2007-11-15T00:35:00
db:JVNDBid:JVNDB-2006-001012date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200608-047date:2006-08-28T00:00:00
db:NVDid:CVE-2006-3497date:2011-04-07T04:00:00

SOURCES RELEASE DATE

db:CERT/CCid:VU#708340date:2007-01-29T00:00:00
db:CERT/CCid:VU#776628date:2006-08-02T00:00:00
db:CERT/CCid:VU#514740date:2006-08-02T00:00:00
db:CERT/CCid:VU#566132date:2006-08-02T00:00:00
db:CERT/CCid:VU#651844date:2006-08-02T00:00:00
db:CERT/CCid:VU#605908date:2006-08-02T00:00:00
db:CERT/CCid:VU#172244date:2006-08-02T00:00:00
db:VULHUBid:VHN-19605date:2006-08-02T00:00:00
db:BIDid:19289date:2006-08-01T00:00:00
db:JVNDBid:JVNDB-2006-001012date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200608-047date:2005-04-21T00:00:00
db:NVDid:CVE-2006-3497date:2006-08-02T16:04:00