Sign-up

ID

VAR-200611-0471


CVE

CVE-2006-6129


TITLE

Apple Mac OS X fails to properly handle corrupted Universal Mach-O Binaries

Trust: 0.8

sources: CERT/CC: VU#346656

DESCRIPTION

Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption. Apple Mac OS X is prone to a local integer-overflow vulnerability. This issue occurs when the operating system fails to handle specially crafted binaries. A successful exploit would allow a local attacker to execute arbitrary code with kernel-level privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. A remote attacker may use this vulnerability to execute arbitrary instructions on the user's machine. If a local unprivileged user is tricked into opening a specially crafted Mach-O universal binary, it could lead to arbitrary kernel mode code execution

Trust: 2.79

sources: NVD: CVE-2006-6129 // CERT/CC: VU#346656 // JVNDB: JVNDB-2006-001629 // BID: 21291 // VULHUB: VHN-22237 // VULMON: CVE-2006-6129

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.8

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope: - version: -

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

sources: CERT/CC: VU#346656 // BID: 21291 // JVNDB: JVNDB-2006-001629 // CNNVD: CNNVD-200611-413 // NVD: CVE-2006-6129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6129
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#346656
value: 17.10

Trust: 0.8

NVD: CVE-2006-6129
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200611-413
value: MEDIUM

Trust: 0.6

VULHUB: VHN-22237
value: MEDIUM

Trust: 0.1

VULMON: CVE-2006-6129
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-6129
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-22237
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#346656 // VULHUB: VHN-22237 // VULMON: CVE-2006-6129 // JVNDB: JVNDB-2006-001629 // CNNVD: CNNVD-200611-413 // NVD: CVE-2006-6129

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6129

THREAT TYPE

local

Trust: 0.9

sources: BID: 21291 // CNNVD: CNNVD-200611-413

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200611-413

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001629

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-22237 // 
            
            
            
            VULMON: CVE-2006-6129

PATCH
title:APPLE-SA-2007-03-13url:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001629

EXTERNAL IDS
db:BIDid:21291
Trust: 2.9
db:NVDid:CVE-2006-6129
Trust: 2.9
db:SECUNIAid:24479
Trust: 2.6
db:SECUNIAid:23088
Trust: 2.6
db:SECTRACKid:1017751
Trust: 2.6
db:USCERTid:TA07-072A
Trust: 2.6
db:VUPENid:ADV-2007-0930
Trust: 1.8
db:VUPENid:ADV-2006-4714
Trust: 1.8
db:OSVDBid:30706
Trust: 1.8
db:CERT/CCid:VU#346656
Trust: 1.2
db:JVNDBid:JVNDB-2006-001629
Trust: 0.8
db:CNNVDid:CNNVD-200611-413
Trust: 0.7
db:APPLEid:APPLE-SA-2007-03-13
Trust: 0.6
db:XFid:30547
Trust: 0.6
db:CERT/CCid:TA07-072A
Trust: 0.6
db:EXPLOIT-DBid:29190
Trust: 0.2
db:SEEBUGid:SSVID-82718
Trust: 0.1
db:VULHUBid:VHN-22237
Trust: 0.1
db:VULMONid:CVE-2006-6129
Trust: 0.1
sources:
            
            
            CERT/CC: VU#346656 // 
            
            
            
            VULHUB: VHN-22237 // 
            
            
            
            VULMON: CVE-2006-6129 // 
            
            
            
            BID: 21291 // 
            
            
            
            JVNDB: JVNDB-2006-001629 // 
            
            
            
            CNNVD: CNNVD-200611-413 // 
            
            
            
            NVD: CVE-2006-6129

REFERENCES
url:http://projects.info-pull.com/mokb/mokb-26-11-2006.html
Trust: 2.9
url:http://docs.info.apple.com/article.html?artnum=305214
Trust: 2.6
url:http://www.securityfocus.com/bid/21291
Trust: 2.6
url:http://www.us-cert.gov/cas/techalerts/ta07-072a.html
Trust: 2.6
url:http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html
Trust: 1.8
url:http://www.osvdb.org/30706
Trust: 1.8
url:http://www.securitytracker.com/id?1017751
Trust: 1.8
url:http://secunia.com/advisories/23088
Trust: 1.8
url:http://secunia.com/advisories/24479
Trust: 1.8
url:http://www.vupen.com/english/advisories/2006/4714
Trust: 1.2
url:http://www.vupen.com/english/advisories/2007/0930
Trust: 1.2
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30547
Trust: 1.2
url:http://projects.info-pull.com/mokb/bug-files/mokb-26-11-2006.bz2
Trust: 0.8
url:http://secunia.com/advisories/23088/
Trust: 0.8
url:http://secunia.com/advisories/24479/
Trust: 0.8
url:http://securitytracker.com/alerts/2007/mar/1017751.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6129
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6129
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/30547
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/0930
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/4714
Trust: 0.6
url:http://www.kb.cert.org/vuls/id/346656
Trust: 0.4
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://kernelfun.blogspot.com/2006/11/notes-on-mokb-26-11-2006-otool-affected.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-kernel-cve-2006-6129
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/29190/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#346656 // 
            
            
            
            VULHUB: VHN-22237 // 
            
            
            
            VULMON: CVE-2006-6129 // 
            
            
            
            BID: 21291 // 
            
            
            
            JVNDB: JVNDB-2006-001629 // 
            
            
            
            CNNVD: CNNVD-200611-413 // 
            
            
            
            NVD: CVE-2006-6129

CREDITS
LMH lmh@info-pull.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200611-413

SOURCES
db:CERT/CCid:VU#346656
db:VULHUBid:VHN-22237
db:VULMONid:CVE-2006-6129
db:BIDid:21291
db:JVNDBid:JVNDB-2006-001629
db:CNNVDid:CNNVD-200611-413
db:NVDid:CVE-2006-6129

LAST UPDATE DATE
2024-09-19T21:27:25.951000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#346656date:2007-03-30T00:00:00
db:VULHUBid:VHN-22237date:2017-07-29T00:00:00
db:VULMONid:CVE-2006-6129date:2017-07-29T00:00:00
db:BIDid:21291date:2007-03-15T03:34:00
db:JVNDBid:JVNDB-2006-001629date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-413date:2006-11-27T00:00:00
db:NVDid:CVE-2006-6129date:2017-07-29T01:29:20.607

SOURCES RELEASE DATE
db:CERT/CCid:VU#346656date:2007-03-14T00:00:00
db:VULHUBid:VHN-22237date:2006-11-27T00:00:00
db:VULMONid:CVE-2006-6129date:2006-11-27T00:00:00
db:BIDid:21291date:2006-11-26T00:00:00
db:JVNDBid:JVNDB-2006-001629date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-413date:2006-11-26T00:00:00
db:NVDid:CVE-2006-6129date:2006-11-27T00:07:00