Details of VAR-200612-0639

ID

VAR-200612-0639

CVE

CVE-2006-6353

TITLE

Apple BOMArchiveHelper Multiple Remote Archive File Vulnerabilities

Trust: 0.9

sources: BID: 21446 // CNNVD: CNNVD-200612-086

DESCRIPTION

Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". Mac OS X of BOMArchiveHelper There is a service disruption ( Application crash ) There is a vulnerability that becomes a condition. This vulnerability "iSec Partners FileP fuzzer" It was discovered inDenial of service by attacker ( Application crash ) There is a possibility of being put into a state. The BOMArchiveHelper application is prone to multiple remote vulnerabilities when processing malformed files. Attackers may be able to exploit one or more of these issues to execute code, but this has not been confirmed. Note that these issues were discovered by using a file-fuzzing application, but have not been researched further. This BID will be updated as more information is released

Trust: 1.98

sources: NVD: CVE-2006-6353 // JVNDB: JVNDB-2006-001699 // BID: 21446 // VULHUB: VHN-22461

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	bomarchivehelper	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	bomarchivehelper	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 21446 // JVNDB: JVNDB-2006-001699 // CNNVD: CNNVD-200612-086 // NVD: CVE-2006-6353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6353
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-6353
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200612-086
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-22461
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-6353
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-22461
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-22461 // JVNDB: JVNDB-2006-001699 // CNNVD: CNNVD-200612-086 // NVD: CVE-2006-6353

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-086

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200612-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001699

PATCH

title:

Top Page

url:

http://www.apple.com/macosx/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001699

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6353	Trust: 2.5
db:	BID	id:	21446	Trust: 2.0
db:	JVNDB	id:	JVNDB-2006-001699	Trust: 0.8
db:	CNNVD	id:	CNNVD-200612-086	Trust: 0.7
db:	VULHUB	id:	VHN-22461	Trust: 0.1

sources: VULHUB: VHN-22461 // BID: 21446 // JVNDB: JVNDB-2006-001699 // CNNVD: CNNVD-200612-086 // NVD: CVE-2006-6353

REFERENCES

url:	http://security-protocols.com/2006/12/04/bomarchivehelper-needs-some-lovin/	Trust: 2.0
url:	http://www.securityfocus.com/bid/21446	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6353	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6353	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-22461 // BID: 21446 // JVNDB: JVNDB-2006-001699 // CNNVD: CNNVD-200612-086 // NVD: CVE-2006-6353

CREDITS

Tom Ferris discovered these issues.

Trust: 0.9

sources: BID: 21446 // CNNVD: CNNVD-200612-086

SOURCES

db:	VULHUB	id:	VHN-22461
db:	BID	id:	21446
db:	JVNDB	id:	JVNDB-2006-001699
db:	CNNVD	id:	CNNVD-200612-086
db:	NVD	id:	CVE-2006-6353

LAST UPDATE DATE

2024-08-14T15:09:36.646000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-22461	date:	2008-09-05T00:00:00
db:	BID	id:	21446	date:	2006-12-05T19:14:00
db:	JVNDB	id:	JVNDB-2006-001699	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200612-086	date:	2006-12-07T00:00:00
db:	NVD	id:	CVE-2006-6353	date:	2008-09-05T21:14:31.753

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-22461	date:	2006-12-07T00:00:00
db:	BID	id:	21446	date:	2006-12-05T00:00:00
db:	JVNDB	id:	JVNDB-2006-001699	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200612-086	date:	2006-12-06T00:00:00
db:	NVD	id:	CVE-2006-6353	date:	2006-12-07T01:28:00