Apple Mac OS X 2006-007 Multiple Security Vulnerabilities
BID:21335
Info
Apple Mac OS X 2006-007 Multiple Security Vulnerabilities
| Bugtraq ID: | 21335 |
| Class: | Unknown |
| CVE: |
CVE-2006-4396 CVE-2006-4398 CVE-2006-4400 CVE-2006-4401 CVE-2006-4402 CVE-2006-4403 CVE-2006-4404 CVE-2006-4406 CVE-2006-4407 CVE-2006-4408 CVE-2006-4409 CVE-2006-4410 CVE-2006-4411 CVE-2006-4412 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 28 2006 12:00AM |
| Updated: | Nov 30 2006 08:25PM |
| Credit: | The vendor disclosed some of these issues. The following people are credited with the discovery of these issues: Benjamin Williams of the University of Canterbury, Mu Security, Eric Cronin of gizmolabs, Dr. Stephen N. Henson of Open Network Security, Tim |
| Vulnerable: |
Cosmicperl Directory Pro 10.0.3 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X 2006-007 Multiple Security Vulnerabilities
Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues.
Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues.
Exploit / POC
Apple Mac OS X 2006-007 Multiple Security Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Some of these issues may not require specific exploit code.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Some of these issues may not require specific exploit code.
Solution / Fix
Apple Mac OS X 2006-007 Multiple Security Vulnerabilities
Solution:
The vendor has released a security advisory to address these issues.
Please see the referenced advisory for further information.
Solution:
The vendor has released a security advisory to address these issues.
Please see the referenced advisory for further information.
References
Apple Mac OS X 2006-007 Multiple Security Vulnerabilities
References:
References:
- About the security content of Security Update 2006-007 (Apple)
- Apple Security Updates (Apple)
- Mac OS X Homepage (Apple)
- Pre-Authentication Vulnerability in Mac OSX kernel PPP driver [MU-200611-01] (Mu Security)
- US-CERT Technical Cyber Security Alert TA06-333A -- Apple Releases Security Upda (US-CERT)