Sign-up

ID

VAR-200609-1189


CVE

CVE-2006-5710


TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

Trust: 0.8

sources: CERT/CC: VU#386964

DESCRIPTION

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects the eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 computers which were equipped with an original AirPort card. Computers with an AirPort Extreme are not affected. An Apple AirPort device is a wireless access point that provides 802.11 services to network clients. There is a memory corruption vulnerability in Apple AirPort when processing malformed probe response packets

Trust: 4.86

sources: NVD: CVE-2006-5710 // CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // JVNDB: JVNDB-2006-001482 // BID: 20862 // VULHUB: VHN-21818

AFFECTED PRODUCTS

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 2.4

vendor:f5model: - scope: - version: -

Trust: 2.4

vendor:freebsdmodel: - scope: - version: -

Trust: 2.4

vendor:openpkgmodel: - scope: - version: -

Trust: 2.4

vendor:opensslmodel: - scope: - version: -

Trust: 2.4

vendor:oraclemodel: - scope: - version: -

Trust: 2.4

vendor:red hatmodel: - scope: - version: -

Trust: 2.4

vendor:suse linuxmodel: - scope: - version: -

Trust: 2.4

vendor:slackware linuxmodel: - scope: - version: -

Trust: 2.4

vendor:ubuntumodel: - scope: - version: -

Trust: 2.4

vendor:rpathmodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 2.4

vendor:opendarwinmodel:darwin kernelscope:eqversion:8.8.0

Trust: 1.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 1.6

vendor:appgate network securitymodel: - scope: - version: -

Trust: 0.8

vendor:attachmatewrqmodel: - scope: - version: -

Trust: 0.8

vendor:avayamodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:iaik java groupmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:internet consortiummodel: - scope: - version: -

Trust: 0.8

vendor:intotomodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:mozillamodel: - scope: - version: -

Trust: 0.8

vendor:openwall gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:operamodel: - scope: - version: -

Trust: 0.8

vendor:rsa securitymodel: - scope: - version: -

Trust: 0.8

vendor:ssh security corpmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:sybasemodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:vandykemodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:orinoco airport driverscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // BID: 20862 // JVNDB: JVNDB-2006-001482 // CNNVD: CNNVD-200611-039 // NVD: CVE-2006-5710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5710
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#386964
value: 0.32

Trust: 0.8

CARNEGIE MELLON: VU#191336
value: 0.34

Trust: 0.8

CARNEGIE MELLON: VU#845620
value: 7.56

Trust: 0.8

CARNEGIE MELLON: VU#547300
value: 2.53

Trust: 0.8

NVD: CVE-2006-5710
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200611-039
value: HIGH

Trust: 0.6

VULHUB: VHN-21818
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-5710
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-21818 // JVNDB: JVNDB-2006-001482 // CNNVD: CNNVD-200611-039 // NVD: CVE-2006-5710

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-21818 // JVNDB: JVNDB-2006-001482 // NVD: CVE-2006-5710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-039

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200611-039

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001482

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-21818

PATCH
title:APPLE-SA-2006-11-28url:http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Trust: 0.8
title:Top Pageurl:http://www.puredarwin.org/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001482

EXTERNAL IDS
db:CERT/CCid:VU#191336
Trust: 3.3
db:NVDid:CVE-2006-5710
Trust: 2.8
db:SECUNIAid:23155
Trust: 2.5
db:SECUNIAid:22679
Trust: 2.5
db:USCERTid:TA06-333A
Trust: 2.5
db:BIDid:22083
Trust: 2.4
db:BIDid:20862
Trust: 2.0
db:VUPENid:ADV-2006-4313
Trust: 1.7
db:VUPENid:ADV-2006-4750
Trust: 1.7
db:OSVDBid:30180
Trust: 1.7
db:SECTRACKid:1017151
Trust: 1.7
db:SECUNIAid:23280
Trust: 1.6
db:SECUNIAid:23309
Trust: 1.6
db:BIDid:20246
Trust: 0.8
db:CERT/CCid:VU#386964
Trust: 0.8
db:SECUNIAid:21709
Trust: 0.8
db:CERT/CCid:VU#845620
Trust: 0.8
db:SECUNIAid:22207
Trust: 0.8
db:SECUNIAid:22212
Trust: 0.8
db:SECUNIAid:22116
Trust: 0.8
db:SECUNIAid:22216
Trust: 0.8
db:SECUNIAid:22220
Trust: 0.8
db:SECUNIAid:22330
Trust: 0.8
db:SECUNIAid:22130
Trust: 0.8
db:SECUNIAid:22240
Trust: 0.8
db:SECUNIAid:22259
Trust: 0.8
db:SECUNIAid:22260
Trust: 0.8
db:SECUNIAid:22165
Trust: 0.8
db:SECUNIAid:22166
Trust: 0.8
db:SECUNIAid:22172
Trust: 0.8
db:SECUNIAid:22284
Trust: 0.8
db:SECUNIAid:22186
Trust: 0.8
db:SECUNIAid:22193
Trust: 0.8
db:SECUNIAid:22094
Trust: 0.8
db:BIDid:20249
Trust: 0.8
db:SECTRACKid:1016943
Trust: 0.8
db:XFid:29237
Trust: 0.8
db:CERT/CCid:VU#547300
Trust: 0.8
db:JVNDBid:JVNDB-2006-001482
Trust: 0.8
db:CNNVDid:CNNVD-200611-039
Trust: 0.7
db:CERT/CCid:TA06-333A
Trust: 0.6
db:APPLEid:APPLE-SA-2006-11-28
Trust: 0.6
db:XFid:29965
Trust: 0.6
db:EXPLOIT-DBid:2700
Trust: 0.1
db:VULHUBid:VHN-21818
Trust: 0.1
sources:
            
            
            CERT/CC: VU#386964 // 
            
            
            
            CERT/CC: VU#191336 // 
            
            
            
            CERT/CC: VU#845620 // 
            
            
            
            CERT/CC: VU#547300 // 
            
            
            
            VULHUB: VHN-21818 // 
            
            
            
            BID: 20862 // 
            
            
            
            JVNDB: JVNDB-2006-001482 // 
            
            
            
            CNNVD: CNNVD-200611-039 // 
            
            
            
            NVD: CVE-2006-5710

REFERENCES
url:http://projects.info-pull.com/mokb/mokb-01-11-2006.html
Trust: 2.8
url:http://docs.info.apple.com/article.html?artnum=304829
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta06-333a.html
Trust: 2.5
url:http://www.kb.cert.org/vuls/id/191336
Trust: 2.5
url:http://www.securityfocus.com/bid/22083
Trust: 2.4
url:http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/20862
Trust: 1.7
url:http://www.osvdb.org/30180
Trust: 1.7
url:http://securitytracker.com/id?1017151
Trust: 1.7
url:http://secunia.com/advisories/22679
Trust: 1.7
url:http://secunia.com/advisories/23155
Trust: 1.7
url:http://www.openssl.org/news/secadv_20060928.txt
Trust: 1.6
url:http://secunia.com/advisories/23280/
Trust: 1.6
url:http://secunia.com/advisories/23309/
Trust: 1.6
url:http://www.vupen.com/english/advisories/2006/4313
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/4750
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29965
Trust: 1.1
url:http://jvn.jp/cert/jvnvu%23386964/index.html
Trust: 0.8
url:http://www.securityfocus.com/bid/20246
Trust: 0.8
url:http://secunia.com/advisories/22679/
Trust: 0.8
url:http://secunia.com/advisories/23155/
Trust: 0.8
url:http://standards.ieee.org/announcements/pr_frames.html
Trust: 0.8
url:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
Trust: 0.8
url:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
Trust: 0.8
url:http://www.openssl.org/news/secadv_20060905.txt 
Trust: 0.8
url:http://secunia.com/advisories/21709/
Trust: 0.8
url:http://www.rsasecurity.com/rsalabs/node.asp?id=2125
Trust: 0.8
url:http://www.ietf.org/rfc/rfc3447.txt
Trust: 0.8
url:http://jvn.jp/cert/jvnvu%23547300/index.html
Trust: 0.8
url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html 
Trust: 0.8
url:https://issues.rpath.com/browse/rpl-613 
Trust: 0.8
url:http://www.openssl.org/news/secadv_20060928.txt 
Trust: 0.8
url:http://kolab.org/security/kolab-vendor-notice-11.txt 
Trust: 0.8
url:http://openvpn.net/changelog.html 
Trust: 0.8
url:http://www.serv-u.com/releasenotes/ 
Trust: 0.8
url:http://openbsd.org/errata.html#openssl2 
Trust: 0.8
url:http://www.securityfocus.com/bid/20249 
Trust: 0.8
url:http://securitytracker.com/id?1016943 
Trust: 0.8
url:http://secunia.com/advisories/22130 
Trust: 0.8
url:http://secunia.com/advisories/22094 
Trust: 0.8
url:http://secunia.com/advisories/22165 
Trust: 0.8
url:http://secunia.com/advisories/22186 
Trust: 0.8
url:http://secunia.com/advisories/22193 
Trust: 0.8
url:http://secunia.com/advisories/22207 
Trust: 0.8
url:http://secunia.com/advisories/22259 
Trust: 0.8
url:http://secunia.com/advisories/22260 
Trust: 0.8
url:http://secunia.com/advisories/22166 
Trust: 0.8
url:http://secunia.com/advisories/22172 
Trust: 0.8
url:http://secunia.com/advisories/22212 
Trust: 0.8
url:http://secunia.com/advisories/22240 
Trust: 0.8
url:http://secunia.com/advisories/22216 
Trust: 0.8
url:http://secunia.com/advisories/22116 
Trust: 0.8
url:http://secunia.com/advisories/22220 
Trust: 0.8
url:http://secunia.com/advisories/22284 
Trust: 0.8
url:http://secunia.com/advisories/22330 
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/29237 
Trust: 0.8
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5710
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5710
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/29965
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/4750
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/4313
Trust: 0.6
url:http://www.securityfocus.com/brief/344
Trust: 0.3
url:http://software.cisco.com/download/navigator.html?mdfid=283613663
Trust: 0.3
url:http://blog.washingtonpost.com/securityfix/2006/11/exploit_released_for_unpatched_1.html
Trust: 0.3
sources:
            
            
            CERT/CC: VU#386964 // 
            
            
            
            CERT/CC: VU#191336 // 
            
            
            
            CERT/CC: VU#845620 // 
            
            
            
            CERT/CC: VU#547300 // 
            
            
            
            VULHUB: VHN-21818 // 
            
            
            
            BID: 20862 // 
            
            
            
            JVNDB: JVNDB-2006-001482 // 
            
            
            
            CNNVD: CNNVD-200611-039 // 
            
            
            
            NVD: CVE-2006-5710

CREDITS
H D Moore hdm@metasploit.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200611-039

SOURCES
db:CERT/CCid:VU#386964
db:CERT/CCid:VU#191336
db:CERT/CCid:VU#845620
db:CERT/CCid:VU#547300
db:VULHUBid:VHN-21818
db:BIDid:20862
db:JVNDBid:JVNDB-2006-001482
db:CNNVDid:CNNVD-200611-039
db:NVDid:CVE-2006-5710

LAST UPDATE DATE
2024-09-17T20:40:50.167000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#386964date:2011-07-22T00:00:00
db:CERT/CCid:VU#191336date:2006-11-30T00:00:00
db:CERT/CCid:VU#845620date:2007-02-08T00:00:00
db:CERT/CCid:VU#547300date:2011-07-22T00:00:00
db:VULHUBid:VHN-21818date:2017-07-20T00:00:00
db:BIDid:20862date:2006-11-29T22:00:00
db:JVNDBid:JVNDB-2006-001482date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-039date:2006-12-01T00:00:00
db:NVDid:CVE-2006-5710date:2017-07-20T01:33:54.713

SOURCES RELEASE DATE
db:CERT/CCid:VU#386964date:2006-09-28T00:00:00
db:CERT/CCid:VU#191336date:2006-11-30T00:00:00
db:CERT/CCid:VU#845620date:2006-09-11T00:00:00
db:CERT/CCid:VU#547300date:2006-09-28T00:00:00
db:VULHUBid:VHN-21818date:2006-11-04T00:00:00
db:BIDid:20862date:2006-11-01T00:00:00
db:JVNDBid:JVNDB-2006-001482date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-039date:2006-11-03T00:00:00
db:NVDid:CVE-2006-5710date:2006-11-04T01:07:00