ID

VAR-200609-1397


CVE

CVE-2006-5710


TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

Trust: 0.8

sources: CERT/CC: VU#386964

DESCRIPTION

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects the eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 computers which were equipped with an original AirPort card. Computers with an AirPort Extreme are not affected. An Apple AirPort device is a wireless access point that provides 802.11 services to network clients. There is a memory corruption vulnerability in Apple AirPort when processing malformed probe response packets

Trust: 4.86

sources: NVD: CVE-2006-5710 // CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // JVNDB: JVNDB-2006-001482 // BID: 20862 // VULHUB: VHN-21818

AFFECTED PRODUCTS

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 2.4

vendor:f5model: - scope: - version: -

Trust: 2.4

vendor:freebsdmodel: - scope: - version: -

Trust: 2.4

vendor:openpkgmodel: - scope: - version: -

Trust: 2.4

vendor:opensslmodel: - scope: - version: -

Trust: 2.4

vendor:oraclemodel: - scope: - version: -

Trust: 2.4

vendor:red hatmodel: - scope: - version: -

Trust: 2.4

vendor:suse linuxmodel: - scope: - version: -

Trust: 2.4

vendor:slackware linuxmodel: - scope: - version: -

Trust: 2.4

vendor:ubuntumodel: - scope: - version: -

Trust: 2.4

vendor:rpathmodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 2.4

vendor:opendarwinmodel:darwin kernelscope:eqversion:8.8.0

Trust: 1.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 1.6

vendor:appgate network securitymodel: - scope: - version: -

Trust: 0.8

vendor:attachmatewrqmodel: - scope: - version: -

Trust: 0.8

vendor:avayamodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:iaik java groupmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:internet consortiummodel: - scope: - version: -

Trust: 0.8

vendor:intotomodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:mozillamodel: - scope: - version: -

Trust: 0.8

vendor:openwall gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:operamodel: - scope: - version: -

Trust: 0.8

vendor:rsa securitymodel: - scope: - version: -

Trust: 0.8

vendor:ssh security corpmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:sybasemodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:vandykemodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:orinoco airport driverscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // BID: 20862 // JVNDB: JVNDB-2006-001482 // CNNVD: CNNVD-200611-039 // NVD: CVE-2006-5710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5710
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#386964
value: 0.32

Trust: 0.8

CARNEGIE MELLON: VU#191336
value: 0.34

Trust: 0.8

CARNEGIE MELLON: VU#845620
value: 7.56

Trust: 0.8

CARNEGIE MELLON: VU#547300
value: 2.53

Trust: 0.8

NVD: CVE-2006-5710
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200611-039
value: HIGH

Trust: 0.6

VULHUB: VHN-21818
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-5710
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-21818 // JVNDB: JVNDB-2006-001482 // CNNVD: CNNVD-200611-039 // NVD: CVE-2006-5710

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-21818 // JVNDB: JVNDB-2006-001482 // NVD: CVE-2006-5710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-039

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200611-039

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001482

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-21818

PATCH

title:APPLE-SA-2006-11-28url:http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

Trust: 0.8

title:Top Pageurl:http://www.puredarwin.org/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001482

EXTERNAL IDS

db:CERT/CCid:VU#191336

Trust: 3.3

db:NVDid:CVE-2006-5710

Trust: 2.8

db:SECUNIAid:23155

Trust: 2.5

db:SECUNIAid:22679

Trust: 2.5

db:USCERTid:TA06-333A

Trust: 2.5

db:BIDid:22083

Trust: 2.4

db:BIDid:20862

Trust: 2.0

db:VUPENid:ADV-2006-4313

Trust: 1.7

db:VUPENid:ADV-2006-4750

Trust: 1.7

db:OSVDBid:30180

Trust: 1.7

db:SECTRACKid:1017151

Trust: 1.7

db:SECUNIAid:23280

Trust: 1.6

db:SECUNIAid:23309

Trust: 1.6

db:BIDid:20246

Trust: 0.8

db:CERT/CCid:VU#386964

Trust: 0.8

db:SECUNIAid:21709

Trust: 0.8

db:CERT/CCid:VU#845620

Trust: 0.8

db:SECUNIAid:22207

Trust: 0.8

db:SECUNIAid:22212

Trust: 0.8

db:SECUNIAid:22116

Trust: 0.8

db:SECUNIAid:22216

Trust: 0.8

db:SECUNIAid:22220

Trust: 0.8

db:SECUNIAid:22330

Trust: 0.8

db:SECUNIAid:22130

Trust: 0.8

db:SECUNIAid:22240

Trust: 0.8

db:SECUNIAid:22259

Trust: 0.8

db:SECUNIAid:22260

Trust: 0.8

db:SECUNIAid:22165

Trust: 0.8

db:SECUNIAid:22166

Trust: 0.8

db:SECUNIAid:22172

Trust: 0.8

db:SECUNIAid:22284

Trust: 0.8

db:SECUNIAid:22186

Trust: 0.8

db:SECUNIAid:22193

Trust: 0.8

db:SECUNIAid:22094

Trust: 0.8

db:BIDid:20249

Trust: 0.8

db:SECTRACKid:1016943

Trust: 0.8

db:XFid:29237

Trust: 0.8

db:CERT/CCid:VU#547300

Trust: 0.8

db:JVNDBid:JVNDB-2006-001482

Trust: 0.8

db:CNNVDid:CNNVD-200611-039

Trust: 0.7

db:CERT/CCid:TA06-333A

Trust: 0.6

db:APPLEid:APPLE-SA-2006-11-28

Trust: 0.6

db:XFid:29965

Trust: 0.6

db:EXPLOIT-DBid:2700

Trust: 0.1

db:VULHUBid:VHN-21818

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-21818 // BID: 20862 // JVNDB: JVNDB-2006-001482 // CNNVD: CNNVD-200611-039 // NVD: CVE-2006-5710

REFERENCES

url:http://projects.info-pull.com/mokb/mokb-01-11-2006.html

Trust: 2.8

url:http://docs.info.apple.com/article.html?artnum=304829

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta06-333a.html

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/191336

Trust: 2.5

url:http://www.securityfocus.com/bid/22083

Trust: 2.4

url:http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/bid/20862

Trust: 1.7

url:http://www.osvdb.org/30180

Trust: 1.7

url:http://securitytracker.com/id?1017151

Trust: 1.7

url:http://secunia.com/advisories/22679

Trust: 1.7

url:http://secunia.com/advisories/23155

Trust: 1.7

url:http://www.openssl.org/news/secadv_20060928.txt

Trust: 1.6

url:http://secunia.com/advisories/23280/

Trust: 1.6

url:http://secunia.com/advisories/23309/

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/4313

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/4750

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29965

Trust: 1.1

url:http://jvn.jp/cert/jvnvu%23386964/index.html

Trust: 0.8

url:http://www.securityfocus.com/bid/20246

Trust: 0.8

url:http://secunia.com/advisories/22679/

Trust: 0.8

url:http://secunia.com/advisories/23155/

Trust: 0.8

url:http://standards.ieee.org/announcements/pr_frames.html

Trust: 0.8

url:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Trust: 0.8

url:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

Trust: 0.8

url:http://www.openssl.org/news/secadv_20060905.txt

Trust: 0.8

url:http://secunia.com/advisories/21709/

Trust: 0.8

url:http://www.rsasecurity.com/rsalabs/node.asp?id=2125

Trust: 0.8

url:http://www.ietf.org/rfc/rfc3447.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnvu%23547300/index.html

Trust: 0.8

url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html

Trust: 0.8

url:https://issues.rpath.com/browse/rpl-613

Trust: 0.8

url:http://www.openssl.org/news/secadv_20060928.txt

Trust: 0.8

url:http://kolab.org/security/kolab-vendor-notice-11.txt

Trust: 0.8

url:http://openvpn.net/changelog.html

Trust: 0.8

url:http://www.serv-u.com/releasenotes/

Trust: 0.8

url:http://openbsd.org/errata.html#openssl2

Trust: 0.8

url:http://www.securityfocus.com/bid/20249

Trust: 0.8

url:http://securitytracker.com/id?1016943

Trust: 0.8

url:http://secunia.com/advisories/22130

Trust: 0.8

url:http://secunia.com/advisories/22094

Trust: 0.8

url:http://secunia.com/advisories/22165

Trust: 0.8

url:http://secunia.com/advisories/22186

Trust: 0.8

url:http://secunia.com/advisories/22193

Trust: 0.8

url:http://secunia.com/advisories/22207

Trust: 0.8

url:http://secunia.com/advisories/22259

Trust: 0.8

url:http://secunia.com/advisories/22260

Trust: 0.8

url:http://secunia.com/advisories/22166

Trust: 0.8

url:http://secunia.com/advisories/22172

Trust: 0.8

url:http://secunia.com/advisories/22212

Trust: 0.8

url:http://secunia.com/advisories/22240

Trust: 0.8

url:http://secunia.com/advisories/22216

Trust: 0.8

url:http://secunia.com/advisories/22116

Trust: 0.8

url:http://secunia.com/advisories/22220

Trust: 0.8

url:http://secunia.com/advisories/22284

Trust: 0.8

url:http://secunia.com/advisories/22330

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29237

Trust: 0.8

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5710

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5710

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29965

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/4750

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/4313

Trust: 0.6

url:http://www.securityfocus.com/brief/344

Trust: 0.3

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://blog.washingtonpost.com/securityfix/2006/11/exploit_released_for_unpatched_1.html

Trust: 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#191336 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-21818 // BID: 20862 // JVNDB: JVNDB-2006-001482 // CNNVD: CNNVD-200611-039 // NVD: CVE-2006-5710

CREDITS

H D Moore hdm@metasploit.com

Trust: 0.6

sources: CNNVD: CNNVD-200611-039

SOURCES

db:CERT/CCid:VU#386964
db:CERT/CCid:VU#191336
db:CERT/CCid:VU#845620
db:CERT/CCid:VU#547300
db:VULHUBid:VHN-21818
db:BIDid:20862
db:JVNDBid:JVNDB-2006-001482
db:CNNVDid:CNNVD-200611-039
db:NVDid:CVE-2006-5710

LAST UPDATE DATE

2024-11-03T22:17:58.675000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#386964date:2011-07-22T00:00:00
db:CERT/CCid:VU#191336date:2006-11-30T00:00:00
db:CERT/CCid:VU#845620date:2007-02-08T00:00:00
db:CERT/CCid:VU#547300date:2011-07-22T00:00:00
db:VULHUBid:VHN-21818date:2017-07-20T00:00:00
db:BIDid:20862date:2006-11-29T22:00:00
db:JVNDBid:JVNDB-2006-001482date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-039date:2006-12-01T00:00:00
db:NVDid:CVE-2006-5710date:2017-07-20T01:33:54.713

SOURCES RELEASE DATE

db:CERT/CCid:VU#386964date:2006-09-28T00:00:00
db:CERT/CCid:VU#191336date:2006-11-30T00:00:00
db:CERT/CCid:VU#845620date:2006-09-11T00:00:00
db:CERT/CCid:VU#547300date:2006-09-28T00:00:00
db:VULHUBid:VHN-21818date:2006-11-04T00:00:00
db:BIDid:20862date:2006-11-01T00:00:00
db:JVNDBid:JVNDB-2006-001482date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-039date:2006-11-03T00:00:00
db:NVDid:CVE-2006-5710date:2006-11-04T01:07:00