Sign-up

ID

VAR-200608-0056


CVE

CVE-2006-3506


TITLE

Xsan Filesystem fails to properly process path names

Trust: 0.8

sources: CERT/CC: VU#737204

DESCRIPTION

Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name.". A buffer overflow vulnerability in Apple's Xsan product may allow a local attacker to run arbitrary code with root privileges or create a denial-of-service condition. Apple Xsan filesystem is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer. Failed exploit attempts will likely crash the system, denying service to legitimate users. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Xsan Filesystem Path Name Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA21551 VERIFY ADVISORY: http://secunia.com/advisories/21551/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Xsan Filesystem 1.x http://secunia.com/product/11577/ DESCRIPTION: A vulnerability has been reported in Xsan Filesystem, which potentially can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the Xsan Filesystem driver when processing path names and can be exploited to cause a buffer overflow. SOLUTION: Update to version 1.4. http://www.apple.com/support/downloads/xsanfilesystem14formacosx104.html PROVIDED AND/OR DISCOVERED BY: The vendor credits Andrew Wellington, Australian National University. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304188 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2006-3506 // CERT/CC: VU#737204 // JVNDB: JVNDB-2006-001021 // BID: 19579 // VULHUB: VHN-19614 // PACKETSTORM: 49137

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 2.4

vendor:applemodel:mac os x serverscope:eqversion:10.4.7

Trust: 2.4

vendor:applemodel:xsanscope:eqversion:1.3

Trust: 1.9

vendor:applemodel:xsanscope:eqversion:1.2

Trust: 1.9

vendor:applemodel:xsanscope:eqversion:1.0

Trust: 1.9

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:xsanscope:neversion:1.4

Trust: 0.3

sources: CERT/CC: VU#737204 // BID: 19579 // JVNDB: JVNDB-2006-001021 // CNNVD: CNNVD-200608-321 // NVD: CVE-2006-3506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3506
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#737204
value: 0.31

Trust: 0.8

NVD: CVE-2006-3506
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200608-321
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19614
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3506
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19614
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#737204 // VULHUB: VHN-19614 // JVNDB: JVNDB-2006-001021 // CNNVD: CNNVD-200608-321 // NVD: CVE-2006-3506

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3506

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 49137 // CNNVD: CNNVD-200608-321

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200608-321

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001021

PATCH
title:Top Pageurl:http://www.apple.com/macosx/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001021

EXTERNAL IDS
db:CERT/CCid:VU#737204
Trust: 3.3
db:NVDid:CVE-2006-3506
Trust: 2.8
db:SECUNIAid:21551
Trust: 2.6
db:BIDid:19579
Trust: 2.0
db:VUPENid:ADV-2006-3315
Trust: 1.7
db:SECTRACKid:1016711
Trust: 1.7
db:OSVDBid:27994
Trust: 1.7
db:JVNDBid:JVNDB-2006-001021
Trust: 0.8
db:CNNVDid:CNNVD-200608-321
Trust: 0.7
db:APPLEid:APPLE-SA-2006-08-17
Trust: 0.6
db:VULHUBid:VHN-19614
Trust: 0.1
db:PACKETSTORMid:49137
Trust: 0.1
sources:
            
            
            CERT/CC: VU#737204 // 
            
            
            
            VULHUB: VHN-19614 // 
            
            
            
            BID: 19579 // 
            
            
            
            JVNDB: JVNDB-2006-001021 // 
            
            
            
            PACKETSTORM: 49137 // 
            
            
            
            CNNVD: CNNVD-200608-321 // 
            
            
            
            NVD: CVE-2006-3506

REFERENCES
url:http://www.kb.cert.org/vuls/id/737204
Trust: 2.5
url:http://docs.info.apple.com/article.html?artnum=304188
Trust: 1.8
url:http://www.securityfocus.com/bid/19579
Trust: 1.7
url:http://www.osvdb.org/27994
Trust: 1.7
url:http://securitytracker.com/id?1016711
Trust: 1.7
url:http://secunia.com/advisories/21551
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/3315
Trust: 1.1
url:http://secunia.com/advisories/21551/
Trust: 0.9
url:http://docs.info.apple.com/article.html?artnum=304188 
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3506
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3506
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2006/3315
Trust: 0.6
url:http://docs.info.apple.com/article.html?artnum=61798
Trust: 0.3
url:http://www.apple.com/xsan/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/11577/
Trust: 0.1
url:http://www.apple.com/support/downloads/xsanfilesystem14formacosx104.html
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#737204 // 
            
            
            
            VULHUB: VHN-19614 // 
            
            
            
            BID: 19579 // 
            
            
            
            JVNDB: JVNDB-2006-001021 // 
            
            
            
            PACKETSTORM: 49137 // 
            
            
            
            CNNVD: CNNVD-200608-321 // 
            
            
            
            NVD: CVE-2006-3506

CREDITS
Andrew Wellington is credited with discovering this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 19579 // 
            
            
            
            CNNVD: CNNVD-200608-321

SOURCES
db:CERT/CCid:VU#737204
db:VULHUBid:VHN-19614
db:BIDid:19579
db:JVNDBid:JVNDB-2006-001021
db:PACKETSTORMid:49137
db:CNNVDid:CNNVD-200608-321
db:NVDid:CVE-2006-3506

LAST UPDATE DATE
2024-08-14T14:22:38.794000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#737204date:2006-08-21T00:00:00
db:VULHUBid:VHN-19614date:2011-03-08T00:00:00
db:BIDid:19579date:2007-03-08T03:35:00
db:JVNDBid:JVNDB-2006-001021date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200608-321date:2006-08-22T00:00:00
db:NVDid:CVE-2006-3506date:2011-03-08T02:38:46.547

SOURCES RELEASE DATE
db:CERT/CCid:VU#737204date:2006-08-21T00:00:00
db:VULHUBid:VHN-19614date:2006-08-21T00:00:00
db:BIDid:19579date:2006-08-17T00:00:00
db:JVNDBid:JVNDB-2006-001021date:2012-06-26T00:00:00
db:PACKETSTORMid:49137date:2006-08-21T01:48:37
db:CNNVDid:CNNVD-200608-321date:2006-08-21T00:00:00
db:NVDid:CVE-2006-3506date:2006-08-21T19:04:00