Details of VAR-200611-0468

ID

VAR-200611-0468

CVE

CVE-2006-6126

TITLE

Apple Mac OS X Mach-O Binary Loading Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 21272 // CNNVD: CNNVD-200611-423

DESCRIPTION

Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. Apple Mac OS X is prone to privilege-escalation vulnerability. This issue occurs when the operating system fails to handle specially crafted binaries. A successful exploit would allow a local attacker to execute arbitrary code with kernel-level privileges. A successful exploit would lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition

Trust: 1.98

sources: NVD: CVE-2006-6126 // JVNDB: JVNDB-2006-001628 // BID: 21272 // VULHUB: VHN-22234

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3

sources: BID: 21272 // JVNDB: JVNDB-2006-001628 // CNNVD: CNNVD-200611-423 // NVD: CVE-2006-6126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6126
value:	LOW
Trust: 1.0
NVD:	CVE-2006-6126
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200611-423
value:	LOW
Trust: 0.6
VULHUB:	VHN-22234
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2006-6126
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-22234
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-22234 // JVNDB: JVNDB-2006-001628 // CNNVD: CNNVD-200611-423 // NVD: CVE-2006-6126

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6126

THREAT TYPE

local

Trust: 0.9

sources: BID: 21272 // CNNVD: CNNVD-200611-423

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 21272 // CNNVD: CNNVD-200611-423

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001628

PATCH

title:

Security Update 2007-003 / Mac OS X v10.4.9

url:

http://support.apple.com/kb/TA24626

Trust: 0.8

sources: JVNDB: JVNDB-2006-001628

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6126	Trust: 2.5
db:	BID	id:	21272	Trust: 2.0
db:	VUPEN	id:	ADV-2006-4714	Trust: 1.7
db:	OSVDB	id:	30740	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-001628	Trust: 0.8
db:	CNNVD	id:	CNNVD-200611-423	Trust: 0.7
db:	XF	id:	30549	Trust: 0.6
db:	VULHUB	id:	VHN-22234	Trust: 0.1

sources: VULHUB: VHN-22234 // BID: 21272 // JVNDB: JVNDB-2006-001628 // CNNVD: CNNVD-200611-423 // NVD: CVE-2006-6126

REFERENCES

url:	http://www.securityfocus.com/bid/21272	Trust: 1.7
url:	http://projects.info-pull.com/mokb/mokb-23-11-2006.html	Trust: 1.7
url:	http://www.osvdb.org/30740	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/4714	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/30549	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6126	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6126	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/30549	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4714	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://kernelfun.blogspot.com/2006/11/mokb-23-11-2006-mac-os-x-mach-o-binary.html	Trust: 0.3

sources: VULHUB: VHN-22234 // BID: 21272 // JVNDB: JVNDB-2006-001628 // CNNVD: CNNVD-200611-423 // NVD: CVE-2006-6126

CREDITS

LMH

Trust: 0.6

sources: CNNVD: CNNVD-200611-423

SOURCES

db:	VULHUB	id:	VHN-22234
db:	BID	id:	21272
db:	JVNDB	id:	JVNDB-2006-001628
db:	CNNVD	id:	CNNVD-200611-423
db:	NVD	id:	CVE-2006-6126

LAST UPDATE DATE

2024-08-14T12:44:06.826000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-22234	date:	2017-07-29T00:00:00
db:	BID	id:	21272	date:	2006-11-28T04:25:00
db:	JVNDB	id:	JVNDB-2006-001628	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200611-423	date:	2006-11-27T00:00:00
db:	NVD	id:	CVE-2006-6126	date:	2017-07-29T01:29:20.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-22234	date:	2006-11-27T00:00:00
db:	BID	id:	21272	date:	2006-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2006-001628	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200611-423	date:	2006-11-26T00:00:00
db:	NVD	id:	CVE-2006-6126	date:	2006-11-27T00:07:00