Details of VAR-200611-0488

ID

VAR-200611-0488

CVE

CVE-2006-6062

TITLE

Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures

Trust: 0.8

sources: CERT/CC: VU#214040

DESCRIPTION

Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures. This vulnerability may allow an attacker to cause a denial-of-service condition. Successfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users. Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected. Note: Further information from Alastair Houghton reports that this issue cannot be exploited to execute arbitrary code. See the references for details. Attackers may also be able to exploit this issue for remote code execution, but this is reportedly unlikely

Trust: 2.97

sources: NVD: CVE-2006-6062 // CERT/CC: VU#214040 // JVNDB: JVNDB-2006-000941 // BID: 21201 // BID: 21236 // VULHUB: VHN-22170

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.8	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.4.9	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.4.9	Trust: 0.6

sources: CERT/CC: VU#214040 // BID: 21201 // BID: 21236 // JVNDB: JVNDB-2006-000941 // CNNVD: CNNVD-200611-367 // NVD: CVE-2006-6062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6062
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#214040
value:	5.57
Trust: 0.8
NVD:	CVE-2006-6062
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200611-367
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-22170
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-6062
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-22170
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#214040 // VULHUB: VHN-22170 // JVNDB: JVNDB-2006-000941 // CNNVD: CNNVD-200611-367 // NVD: CVE-2006-6062

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6062

THREAT TYPE

network

Trust: 0.6

sources: BID: 21201 // BID: 21236

TYPE

Boundary Condition Error

Trust: 1.2

sources: BID: 21201 // BID: 21236 // CNNVD: CNNVD-200611-367

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000941

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22170

PATCH

title:	Security Update 2007-003 (10.3.9 Client)	url:	http://www.apple.com/support/downloads/securityupdate20070031039client.html	Trust: 0.8
title:	Security Update 2007-003 (10.3.9 Server)	url:	http://www.apple.com/support/downloads/securityupdate20070031039server.html	Trust: 0.8
title:	Security Update 2007-003	url:	http://docs.info.apple.com/article.html?artnum=305214-en	Trust: 0.8
title:	Security Update 2007-003	url:	http://docs.info.apple.com/article.html?artnum=305214-ja	Trust: 0.8
title:	Security Update 2007-003 (10.3.9 Client)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate20070031039client.html	Trust: 0.8
title:	Security Update 2007-003 (10.3.9 Server)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate20070031039server.html	Trust: 0.8

sources: JVNDB: JVNDB-2006-000941

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6062	Trust: 3.9
db:	BID	id:	21201	Trust: 3.6
db:	BID	id:	21236	Trust: 2.8
db:	SECUNIA	id:	23062	Trust: 2.5
db:	SECUNIA	id:	24479	Trust: 2.5
db:	SECTRACK	id:	1017751	Trust: 2.5
db:	USCERT	id:	TA07-072A	Trust: 2.5
db:	SECUNIA	id:	23012	Trust: 2.5
db:	OSVDB	id:	30510	Trust: 2.5
db:	CERT/CC	id:	VU#214040	Trust: 1.9
db:	VUPEN	id:	ADV-2006-4653	Trust: 1.7
db:	VUPEN	id:	ADV-2006-4629	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0930	Trust: 1.7
db:	SECTRACK	id:	1017260	Trust: 1.7
db:	XF	id:	30463	Trust: 1.4
db:	USCERT	id:	SA07-072A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-000941	Trust: 0.8
db:	CNNVD	id:	CNNVD-200611-367	Trust: 0.7
db:	XF	id:	30440	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2007-03-13	Trust: 0.6
db:	CERT/CC	id:	TA07-072A	Trust: 0.6
db:	CERT/CC	id:	VU#367424	Trust: 0.3
db:	SEEBUG	id:	SSVID-82677	Trust: 0.1
db:	SEEBUG	id:	SSVID-82692	Trust: 0.1
db:	EXPLOIT-DB	id:	29144	Trust: 0.1
db:	EXPLOIT-DB	id:	29161	Trust: 0.1
db:	VULHUB	id:	VHN-22170	Trust: 0.1

sources: CERT/CC: VU#214040 // VULHUB: VHN-22170 // BID: 21201 // BID: 21236 // JVNDB: JVNDB-2006-000941 // CNNVD: CNNVD-200611-367 // NVD: CVE-2006-6062

REFERENCES

url:	http://www.securityfocus.com/bid/21201	Trust: 3.3
url:	http://projects.info-pull.com/mokb/mokb-21-11-2006.html	Trust: 2.5
url:	http://docs.info.apple.com/article.html?artnum=305214	Trust: 2.5
url:	http://www.securityfocus.com/bid/21236	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta07-072a.html	Trust: 2.5
url:	http://www.osvdb.org/30510	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html	Trust: 1.7
url:	http://securitytracker.com/id?1017260	Trust: 1.7
url:	http://www.securitytracker.com/id?1017751	Trust: 1.7
url:	http://secunia.com/advisories/23012	Trust: 1.7
url:	http://secunia.com/advisories/23062	Trust: 1.7
url:	http://secunia.com/advisories/24479	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6062	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2006/4629	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/30463	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2006/4629	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/4653	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0930	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/30440	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/30463	Trust: 1.1
url:	http://www.kb.cert.org/vuls/id/214040	Trust: 1.1
url:	http://secunia.com/advisories/23062/	Trust: 0.8
url:	http://en.wikipedia.org/wiki/hfs_plus	Trust: 0.8
url:	http://secunia.com/advisories/24479/	Trust: 0.8
url:	http://securitytracker.com/alerts/2007/mar/1017751.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnta07-072a/index.html	Trust: 0.8
url:	http://jvn.jp/tr/trta07-072a/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-6062	Trust: 0.8
url:	http://secunia.com/advisories/23012/	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa07-072a.html	Trust: 0.8
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/30440	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4653	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/0930	Trust: 0.6
url:	http://alastairs-place.net/2006/11/dmg-vulnerability/	Trust: 0.3
url:	http://kernelfun.blogspot.com/2006/11/mokb-20-11-2006-mac-os-x-apple-udif.html	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/367424	Trust: 0.3
url:	http://kernelfun.blogspot.com/2006/11/mokb-21-11-2006-mac-os-x-apple-udto-hfs.html	Trust: 0.3

sources: CERT/CC: VU#214040 // VULHUB: VHN-22170 // BID: 21201 // BID: 21236 // JVNDB: JVNDB-2006-000941 // CNNVD: CNNVD-200611-367 // NVD: CVE-2006-6062

CREDITS

LMH <lmh@info-pull.com> discovered this issue.

Trust: 0.6

sources: BID: 21201 // BID: 21236

SOURCES

db:	CERT/CC	id:	VU#214040
db:	VULHUB	id:	VHN-22170
db:	BID	id:	21201
db:	BID	id:	21236
db:	JVNDB	id:	JVNDB-2006-000941
db:	CNNVD	id:	CNNVD-200611-367
db:	NVD	id:	CVE-2006-6062

LAST UPDATE DATE

2024-09-19T19:33:25.937000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#214040	date:	2007-03-22T00:00:00
db:	VULHUB	id:	VHN-22170	date:	2017-07-20T00:00:00
db:	BID	id:	21201	date:	2007-03-15T03:34:00
db:	BID	id:	21236	date:	2007-03-15T03:34:00
db:	JVNDB	id:	JVNDB-2006-000941	date:	2007-04-20T00:00:00
db:	CNNVD	id:	CNNVD-200611-367	date:	2006-11-28T00:00:00
db:	NVD	id:	CVE-2006-6062	date:	2017-07-20T01:34:10.853

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#214040	date:	2007-03-13T00:00:00
db:	VULHUB	id:	VHN-22170	date:	2006-11-22T00:00:00
db:	BID	id:	21201	date:	2006-11-20T00:00:00
db:	BID	id:	21236	date:	2006-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2006-000941	date:	2007-04-20T00:00:00
db:	CNNVD	id:	CNNVD-200611-367	date:	2006-11-21T00:00:00
db:	NVD	id:	CVE-2006-6062	date:	2006-11-22T01:07:00