Sign-up

ID

VAR-200609-1386


CVE

CVE-2006-4398


TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

Trust: 0.8

sources: CERT/CC: VU#386964

DESCRIPTION

Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. These vulnerabilities may allow a local attacker to execute arbitrary code with system privileges. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Both local and remote vulnerabilities are present. A local attacker can trigger these overflows by sending a specially crafted service request, causing a denial of service or executing arbitrary commands with system privileges

Trust: 4.86

sources: NVD: CVE-2006-4398 // CERT/CC: VU#386964 // CERT/CC: VU#800296 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // JVNDB: JVNDB-2006-001148 // BID: 21335 // VULHUB: VHN-20506

AFFECTED PRODUCTS

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 2.4

vendor:f5model: - scope: - version: -

Trust: 2.4

vendor:freebsdmodel: - scope: - version: -

Trust: 2.4

vendor:openpkgmodel: - scope: - version: -

Trust: 2.4

vendor:opensslmodel: - scope: - version: -

Trust: 2.4

vendor:oraclemodel: - scope: - version: -

Trust: 2.4

vendor:red hatmodel: - scope: - version: -

Trust: 2.4

vendor:suse linuxmodel: - scope: - version: -

Trust: 2.4

vendor:slackware linuxmodel: - scope: - version: -

Trust: 2.4

vendor:ubuntumodel: - scope: - version: -

Trust: 2.4

vendor:rpathmodel: - scope: - version: -

Trust: 2.4

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.6

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.6

vendor:appgate network securitymodel: - scope: - version: -

Trust: 0.8

vendor:attachmatewrqmodel: - scope: - version: -

Trust: 0.8

vendor:avayamodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:iaik java groupmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:internet consortiummodel: - scope: - version: -

Trust: 0.8

vendor:intotomodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:mozillamodel: - scope: - version: -

Trust: 0.8

vendor:openwall gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:operamodel: - scope: - version: -

Trust: 0.8

vendor:rsa securitymodel: - scope: - version: -

Trust: 0.8

vendor:ssh security corpmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:sybasemodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:vandykemodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.4 to 10.4.8

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.03

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#800296 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // BID: 21335 // JVNDB: JVNDB-2006-001148 // CNNVD: CNNVD-200611-514 // NVD: CVE-2006-4398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4398
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#386964
value: 0.32

Trust: 0.8

CARNEGIE MELLON: VU#800296
value: 8.80

Trust: 0.8

CARNEGIE MELLON: VU#845620
value: 7.56

Trust: 0.8

CARNEGIE MELLON: VU#547300
value: 2.53

Trust: 0.8

NVD: CVE-2006-4398
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200611-514
value: HIGH

Trust: 0.6

VULHUB: VHN-20506
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-4398
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20506
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#800296 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-20506 // JVNDB: JVNDB-2006-001148 // CNNVD: CNNVD-200611-514 // NVD: CVE-2006-4398

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4398

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200611-514

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200611-514

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001148

PATCH
title:APPLE-SA-2006-11-28url:http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001148

EXTERNAL IDS
db:CERT/CCid:VU#800296
Trust: 3.3
db:USCERTid:TA06-333A
Trust: 2.8
db:NVDid:CVE-2006-4398
Trust: 2.8
db:SECUNIAid:23155
Trust: 2.5
db:BIDid:22083
Trust: 2.4
db:BIDid:21335
Trust: 2.0
db:OSVDBid:30738
Trust: 1.7
db:SECTRACKid:1017301
Trust: 1.7
db:VUPENid:ADV-2006-4750
Trust: 1.7
db:SECUNIAid:23280
Trust: 1.6
db:SECUNIAid:23309
Trust: 1.6
db:BIDid:20246
Trust: 0.8
db:CERT/CCid:VU#386964
Trust: 0.8
db:SECUNIAid:21709
Trust: 0.8
db:CERT/CCid:VU#845620
Trust: 0.8
db:SECUNIAid:22207
Trust: 0.8
db:SECUNIAid:22212
Trust: 0.8
db:SECUNIAid:22116
Trust: 0.8
db:SECUNIAid:22216
Trust: 0.8
db:SECUNIAid:22220
Trust: 0.8
db:SECUNIAid:22330
Trust: 0.8
db:SECUNIAid:22130
Trust: 0.8
db:SECUNIAid:22240
Trust: 0.8
db:SECUNIAid:22259
Trust: 0.8
db:SECUNIAid:22260
Trust: 0.8
db:SECUNIAid:22165
Trust: 0.8
db:SECUNIAid:22166
Trust: 0.8
db:SECUNIAid:22172
Trust: 0.8
db:SECUNIAid:22284
Trust: 0.8
db:SECUNIAid:22186
Trust: 0.8
db:SECUNIAid:22193
Trust: 0.8
db:SECUNIAid:22094
Trust: 0.8
db:BIDid:20249
Trust: 0.8
db:SECTRACKid:1016943
Trust: 0.8
db:XFid:29237
Trust: 0.8
db:CERT/CCid:VU#547300
Trust: 0.8
db:JVNDBid:JVNDB-2006-001148
Trust: 0.8
db:CNNVDid:CNNVD-200611-514
Trust: 0.7
db:CERT/CCid:TA06-333A
Trust: 0.6
db:APPLEid:APPLE-SA-2006-11-28
Trust: 0.6
db:VULHUBid:VHN-20506
Trust: 0.1
sources:
            
            
            CERT/CC: VU#386964 // 
            
            
            
            CERT/CC: VU#800296 // 
            
            
            
            CERT/CC: VU#845620 // 
            
            
            
            CERT/CC: VU#547300 // 
            
            
            
            VULHUB: VHN-20506 // 
            
            
            
            BID: 21335 // 
            
            
            
            JVNDB: JVNDB-2006-001148 // 
            
            
            
            CNNVD: CNNVD-200611-514 // 
            
            
            
            NVD: CVE-2006-4398

REFERENCES
url:http://docs.info.apple.com/article.html?artnum=304829
Trust: 2.8
url:http://www.us-cert.gov/cas/techalerts/ta06-333a.html
Trust: 2.8
url:http://www.kb.cert.org/vuls/id/800296
Trust: 2.5
url:http://www.securityfocus.com/bid/22083
Trust: 2.4
url:http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/21335
Trust: 1.7
url:http://www.osvdb.org/30738
Trust: 1.7
url:http://securitytracker.com/id?1017301
Trust: 1.7
url:http://secunia.com/advisories/23155
Trust: 1.7
url:http://www.openssl.org/news/secadv_20060928.txt
Trust: 1.6
url:http://secunia.com/advisories/23280/
Trust: 1.6
url:http://secunia.com/advisories/23309/
Trust: 1.6
url:http://www.vupen.com/english/advisories/2006/4750
Trust: 1.1
url:http://jvn.jp/cert/jvnvu%23386964/index.html
Trust: 0.8
url:http://www.securityfocus.com/bid/20246
Trust: 0.8
url:http://secunia.com/advisories/23155/
Trust: 0.8
url:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
Trust: 0.8
url:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
Trust: 0.8
url:http://www.openssl.org/news/secadv_20060905.txt 
Trust: 0.8
url:http://secunia.com/advisories/21709/
Trust: 0.8
url:http://www.rsasecurity.com/rsalabs/node.asp?id=2125
Trust: 0.8
url:http://www.ietf.org/rfc/rfc3447.txt
Trust: 0.8
url:http://jvn.jp/cert/jvnvu%23547300/index.html
Trust: 0.8
url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html 
Trust: 0.8
url:https://issues.rpath.com/browse/rpl-613 
Trust: 0.8
url:http://www.openssl.org/news/secadv_20060928.txt 
Trust: 0.8
url:http://kolab.org/security/kolab-vendor-notice-11.txt 
Trust: 0.8
url:http://openvpn.net/changelog.html 
Trust: 0.8
url:http://www.serv-u.com/releasenotes/ 
Trust: 0.8
url:http://openbsd.org/errata.html#openssl2 
Trust: 0.8
url:http://www.securityfocus.com/bid/20249 
Trust: 0.8
url:http://securitytracker.com/id?1016943 
Trust: 0.8
url:http://secunia.com/advisories/22130 
Trust: 0.8
url:http://secunia.com/advisories/22094 
Trust: 0.8
url:http://secunia.com/advisories/22165 
Trust: 0.8
url:http://secunia.com/advisories/22186 
Trust: 0.8
url:http://secunia.com/advisories/22193 
Trust: 0.8
url:http://secunia.com/advisories/22207 
Trust: 0.8
url:http://secunia.com/advisories/22259 
Trust: 0.8
url:http://secunia.com/advisories/22260 
Trust: 0.8
url:http://secunia.com/advisories/22166 
Trust: 0.8
url:http://secunia.com/advisories/22172 
Trust: 0.8
url:http://secunia.com/advisories/22212 
Trust: 0.8
url:http://secunia.com/advisories/22240 
Trust: 0.8
url:http://secunia.com/advisories/22216 
Trust: 0.8
url:http://secunia.com/advisories/22116 
Trust: 0.8
url:http://secunia.com/advisories/22220 
Trust: 0.8
url:http://secunia.com/advisories/22284 
Trust: 0.8
url:http://secunia.com/advisories/22330 
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/29237 
Trust: 0.8
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4398
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4398
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2006/4750
Trust: 0.6
url:http://www.info.apple.com/usen/security/security_updates.html
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://labs.musecurity.com/advisories/mu-200611-01.txt
Trust: 0.3
sources:
            
            
            CERT/CC: VU#386964 // 
            
            
            
            CERT/CC: VU#800296 // 
            
            
            
            CERT/CC: VU#845620 // 
            
            
            
            CERT/CC: VU#547300 // 
            
            
            
            VULHUB: VHN-20506 // 
            
            
            
            BID: 21335 // 
            
            
            
            JVNDB: JVNDB-2006-001148 // 
            
            
            
            CNNVD: CNNVD-200611-514 // 
            
            
            
            NVD: CVE-2006-4398

CREDITS
Benjamin WilliamsMu SecurityEric CroninDr. Stephen N. HensonTim※ darksock@uhagr.org
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200611-514

SOURCES
db:CERT/CCid:VU#386964
db:CERT/CCid:VU#800296
db:CERT/CCid:VU#845620
db:CERT/CCid:VU#547300
db:VULHUBid:VHN-20506
db:BIDid:21335
db:JVNDBid:JVNDB-2006-001148
db:CNNVDid:CNNVD-200611-514
db:NVDid:CVE-2006-4398

LAST UPDATE DATE
2024-09-14T21:13:57.376000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#386964date:2011-07-22T00:00:00
db:CERT/CCid:VU#800296date:2006-12-20T00:00:00
db:CERT/CCid:VU#845620date:2007-02-08T00:00:00
db:CERT/CCid:VU#547300date:2011-07-22T00:00:00
db:VULHUBid:VHN-20506date:2011-03-08T00:00:00
db:BIDid:21335date:2006-11-30T20:25:00
db:JVNDBid:JVNDB-2006-001148date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-514date:2006-11-30T00:00:00
db:NVDid:CVE-2006-4398date:2011-03-08T02:40:52.033

SOURCES RELEASE DATE
db:CERT/CCid:VU#386964date:2006-09-28T00:00:00
db:CERT/CCid:VU#800296date:2006-11-30T00:00:00
db:CERT/CCid:VU#845620date:2006-09-11T00:00:00
db:CERT/CCid:VU#547300date:2006-09-28T00:00:00
db:VULHUBid:VHN-20506date:2006-11-30T00:00:00
db:BIDid:21335date:2006-11-28T00:00:00
db:JVNDBid:JVNDB-2006-001148date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-514date:2006-11-30T00:00:00
db:NVDid:CVE-2006-4398date:2006-11-30T16:28:00