ID

VAR-200610-0021


CVE

CVE-2006-4397


TITLE

Apple Workgroup Manager fails to properly enable ShadowHash passwords

Trust: 0.8

sources: CERT/CC: VU#847468

DESCRIPTION

Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. These issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. There is a vulnerability in the implementation of Kerberos that the error situation is not handled correctly. Impacts of other vulnerabilities include bypass of security restrictions and denial of service. I. Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11. II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service. III. This and other updates are available via Apple Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the subject. _________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History October 02, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg== =nP7Y -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22187 VERIFY ADVISORY: http://secunia.com/advisories/22187/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in the CFNetwork component may allow a malicious SSL site to pose as a trusted SLL site to CFNetwork clients (e.g. Safari). 4) An error in the kernel's error handling mechanism known as Mach exception ports can be exploited by malicious, local users to execute arbitrary code in privileged applications. 6) Another error in the LoginWindow component during the handling of "Fast User Switching" may result in Kerberos tickets being accessible to other local users. 8) An error makes it possible for an account to manage WebObjects applications after the "Admin" privileges have been revoked. 9) A memory corruption error in QuickDraw Manager when processing PICT images can potentially be exploited via a specially crafted PICT image to execute arbitrary code. 10) An error in SASL can be exploited by malicious people to cause a DoS (Denial of Service) against the IMAP service. For more information: SA19618 11) A memory management error in WebKit's handling of certain HTML can be exploited by malicious people to compromise a user's system. SOLUTION: Update to version 10.4.8 or apply Security Update 2006-006. 3) The vendor credits Tom Saxton, Idle Loop Software Design. 4) The vendor credits Dino Dai Zovi, Matasano Security. 5) The vendor credits Patrick Gallagher, Digital Peaks Corporation. 6) The vendor credits Ragnar Sundblad, Royal Institute of Technology. 8) The vendor credits Phillip Tejada, Fruit Bat Software. 12) The vendor credits Chris Pepper, The Rockefeller University. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304460 OTHER REFERENCES: SA19618: http://secunia.com/advisories/19618/ SA20971: http://secunia.com/advisories/20971/ SA21271: http://secunia.com/advisories/21271/ SA21865: http://secunia.com/advisories/21865/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . visiting a malicious website. 2) An unspecified error can be exploited to bypass the "allowScriptAccess" option. 3) Unspecified errors exist in the way the ActiveX control is invoked by Microsoft Office products on Windows. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for reporting one of the vulnerabilities. 2) Reported by the vendor. 3) Reported by the vendor

Trust: 7.29

sources: NVD: CVE-2006-4397 // CERT/CC: VU#847468 // CERT/CC: VU#346396 // CERT/CC: VU#897628 // CERT/CC: VU#838404 // CERT/CC: VU#546772 // CERT/CC: VU#451380 // CERT/CC: VU#168372 // JVNDB: JVNDB-2006-000657 // BID: 20271 // VULHUB: VHN-20505 // PACKETSTORM: 50620 // PACKETSTORM: 50441 // PACKETSTORM: 49912

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 5.6

vendor:adobemodel: - scope: - version: -

Trust: 1.6

vendor:microsoftmodel: - scope: - version: -

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.6

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.4 to v10.4.7 up to version

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4 to v10.4.7 up to version

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.03

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

sources: CERT/CC: VU#847468 // CERT/CC: VU#346396 // CERT/CC: VU#897628 // CERT/CC: VU#838404 // CERT/CC: VU#546772 // CERT/CC: VU#451380 // CERT/CC: VU#168372 // BID: 20271 // JVNDB: JVNDB-2006-000657 // CNNVD: CNNVD-200610-019 // NVD: CVE-2006-4397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4397
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#346396
value: 0.54

Trust: 0.8

CARNEGIE MELLON: VU#897628
value: 2.76

Trust: 0.8

CARNEGIE MELLON: VU#838404
value: 1.38

Trust: 0.8

CARNEGIE MELLON: VU#546772
value: 11.70

Trust: 0.8

CARNEGIE MELLON: VU#451380
value: 33.41

Trust: 0.8

CARNEGIE MELLON: VU#168372
value: 14.29

Trust: 0.8

NVD: CVE-2006-4397
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200610-019
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20505
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-4397
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20505
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#346396 // CERT/CC: VU#897628 // CERT/CC: VU#838404 // CERT/CC: VU#546772 // CERT/CC: VU#451380 // CERT/CC: VU#168372 // VULHUB: VHN-20505 // JVNDB: JVNDB-2006-000657 // CNNVD: CNNVD-200610-019 // NVD: CVE-2006-4397

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4397

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200610-019

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200610-019

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000657

PATCH

title:Mac OS X 10.4.8 Update (Intel)url:http://www.apple.com/support/downloads/macosx1048updateintel.html

Trust: 0.8

title:Mac OS X 10.4.8 Update (PPC)url:http://www.apple.com/support/downloads/macosx1048updateppc.html

Trust: 0.8

title:Mac OS X 10.4.8 and Security Update 2006-006url:http://docs.info.apple.com/article.html?artnum=304460

Trust: 0.8

title:Mac OS X 10.4.8 and Security Update 2006-006url:http://docs.info.apple.com/article.html?artnum=304460-ja

Trust: 0.8

title:Mac OS X 10.4.8 Update (Intel)url:http://www.apple.com/jp/ftp-info/reference/macosx1048updateintel.html

Trust: 0.8

title:Mac OS X 10.4.8 Update (PPC)url:http://www.apple.com/jp/ftp-info/reference/macosx1048updateppc.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-000657

EXTERNAL IDS

db:SECUNIAid:22187

Trust: 6.6

db:BIDid:20271

Trust: 2.8

db:NVDid:CVE-2006-4397

Trust: 2.8

db:SECUNIAid:21865

Trust: 1.7

db:SECTRACKid:1016959

Trust: 1.7

db:VUPENid:ADV-2006-3852

Trust: 1.7

db:OSVDBid:29270

Trust: 1.7

db:CERT/CCid:VU#847468

Trust: 0.8

db:CERT/CCid:VU#346396

Trust: 0.8

db:CERT/CCid:VU#897628

Trust: 0.8

db:CERT/CCid:VU#838404

Trust: 0.8

db:CERT/CCid:VU#546772

Trust: 0.8

db:CERT/CCid:VU#451380

Trust: 0.8

db:CERT/CCid:VU#168372

Trust: 0.8

db:JVNDBid:JVNDB-2006-000657

Trust: 0.8

db:CNNVDid:CNNVD-200610-019

Trust: 0.7

db:APPLEid:APPLE-SA-2006-09-29

Trust: 0.6

db:USCERTid:TA06-275A

Trust: 0.4

db:VULHUBid:VHN-20505

Trust: 0.1

db:PACKETSTORMid:50620

Trust: 0.1

db:PACKETSTORMid:50441

Trust: 0.1

db:PACKETSTORMid:49912

Trust: 0.1

sources: CERT/CC: VU#847468 // CERT/CC: VU#346396 // CERT/CC: VU#897628 // CERT/CC: VU#838404 // CERT/CC: VU#546772 // CERT/CC: VU#451380 // CERT/CC: VU#168372 // VULHUB: VHN-20505 // BID: 20271 // JVNDB: JVNDB-2006-000657 // PACKETSTORM: 50620 // PACKETSTORM: 50441 // PACKETSTORM: 49912 // CNNVD: CNNVD-200610-019 // NVD: CVE-2006-4397

REFERENCES

url:http://secunia.com/advisories/22187/

Trust: 4.9

url:http://docs.info.apple.com/article.html?artnum=304460

Trust: 4.4

url:http://www.securityfocus.com/bid/20271

Trust: 2.5

url:http://secunia.com/advisories/21865/

Trust: 1.8

url:http://www.adobe.com/support/security/bulletins/apsb06-11.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2006/sep/msg00002.html

Trust: 1.7

url:http://www.osvdb.org/29270

Trust: 1.7

url:http://securitytracker.com/id?1016959

Trust: 1.7

url:http://secunia.com/advisories/22187

Trust: 1.7

url:http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2006/3852

Trust: 1.4

url:http://www.vupen.com/english/advisories/2006/3852

Trust: 1.1

url:http://www.microsoft.com/technet/security/advisory/925143.mspx

Trust: 0.9

url:http://www.cert.org/tech_tips/home_networks.html#iv

Trust: 0.8

url:http://www.macintouch.com/index.shtml#other.2006.10.03.xvul

Trust: 0.8

url:http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=d9c2fe33

Trust: 0.8

url:http://www.computerterrorism.com/research/ct12-09-2006.htm

Trust: 0.8

url:http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16494

Trust: 0.8

url:http://www.adobe.com/devnet/security/security_zone/mpsb02-08.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4397

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-4397

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.us-cert.gov/cas/techalerts/ta06-275a.html

Trust: 0.3

url:/archive/1/447396

Trust: 0.3

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.2

url:http://secunia.com/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/web_application_security_specialist/

Trust: 0.2

url:http://www.apple.com/support/downloads/macosx1048updateintel.html>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=304460>

Trust: 0.1

url:http://www.adobe.com/support/security/bulletins/apsb06-11.html>

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta06-275a.html>

Trust: 0.1

url:http://www.apple.com/support/downloads/>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704>

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11>

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/#safari>

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate20060061039server.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxserver1048updateppc.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxserver1048comboupdateppc.html

Trust: 0.1

url:http://secunia.com/advisories/20971/

Trust: 0.1

url:http://www.apple.com/support/downloads/macosx1048comboupdateintel.html

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate20060061039client.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxserver1048updateuniversal.html

Trust: 0.1

url:http://secunia.com/advisories/19618/

Trust: 0.1

url:http://www.apple.com/support/downloads/macosx1048updateintel.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosx1048updateppc.html

Trust: 0.1

url:http://www.apple.com/support/downloads/macosx1048comboupdateppc.html

Trust: 0.1

url:http://secunia.com/advisories/21271/

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://secunia.com/product/3191/

Trust: 0.1

url:http://secunia.com/product/6153/

Trust: 0.1

url:http://secunia.com/product/3192/

Trust: 0.1

url:http://secunia.com/product/2634/

Trust: 0.1

url:http://secunia.com/product/7024/

Trust: 0.1

url:http://secunia.com/product/5246/

Trust: 0.1

sources: CERT/CC: VU#847468 // CERT/CC: VU#346396 // CERT/CC: VU#897628 // CERT/CC: VU#838404 // CERT/CC: VU#546772 // CERT/CC: VU#451380 // CERT/CC: VU#168372 // VULHUB: VHN-20505 // BID: 20271 // JVNDB: JVNDB-2006-000657 // PACKETSTORM: 50620 // PACKETSTORM: 50441 // PACKETSTORM: 49912 // CNNVD: CNNVD-200610-019 // NVD: CVE-2006-4397

CREDITS

The vendor credits Adam Bryzak of Queensland University of Technology, Tom Saxton of Idle Loop Software Design, Dino Dai Zovi of Matasano Security, Patrick Gallagher of Digital Peaks Corporation, Ragnar Sundblad of the Royal Institute of Technology, Stockh

Trust: 0.3

sources: BID: 20271

SOURCES

db:CERT/CCid:VU#847468
db:CERT/CCid:VU#346396
db:CERT/CCid:VU#897628
db:CERT/CCid:VU#838404
db:CERT/CCid:VU#546772
db:CERT/CCid:VU#451380
db:CERT/CCid:VU#168372
db:VULHUBid:VHN-20505
db:BIDid:20271
db:JVNDBid:JVNDB-2006-000657
db:PACKETSTORMid:50620
db:PACKETSTORMid:50441
db:PACKETSTORMid:49912
db:CNNVDid:CNNVD-200610-019
db:NVDid:CVE-2006-4397

LAST UPDATE DATE

2024-08-14T12:29:33.759000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#847468date:2006-11-21T00:00:00
db:CERT/CCid:VU#346396date:2006-10-02T00:00:00
db:CERT/CCid:VU#897628date:2006-10-02T00:00:00
db:CERT/CCid:VU#838404date:2006-10-04T00:00:00
db:CERT/CCid:VU#546772date:2006-11-21T00:00:00
db:CERT/CCid:VU#451380date:2007-07-11T00:00:00
db:CERT/CCid:VU#168372date:2006-11-14T00:00:00
db:VULHUBid:VHN-20505date:2011-03-08T00:00:00
db:BIDid:20271date:2006-10-03T18:30:00
db:JVNDBid:JVNDB-2006-000657date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200610-019date:2022-03-10T00:00:00
db:NVDid:CVE-2006-4397date:2011-03-08T02:40:51.937

SOURCES RELEASE DATE

db:CERT/CCid:VU#847468date:2006-10-02T00:00:00
db:CERT/CCid:VU#346396date:2006-10-02T00:00:00
db:CERT/CCid:VU#897628date:2006-10-02T00:00:00
db:CERT/CCid:VU#838404date:2006-10-02T00:00:00
db:CERT/CCid:VU#546772date:2006-10-02T00:00:00
db:CERT/CCid:VU#451380date:2006-09-18T00:00:00
db:CERT/CCid:VU#168372date:2006-09-20T00:00:00
db:VULHUBid:VHN-20505date:2006-10-03T00:00:00
db:BIDid:20271date:2006-09-29T00:00:00
db:JVNDBid:JVNDB-2006-000657date:2007-04-01T00:00:00
db:PACKETSTORMid:50620date:2006-10-04T21:36:00
db:PACKETSTORMid:50441date:2006-10-03T01:14:36
db:PACKETSTORMid:49912date:2006-09-12T22:17:26
db:CNNVDid:CNNVD-200610-019date:2006-10-03T00:00:00
db:NVDid:CVE-2006-4397date:2006-10-03T04:02:00