Vulnerabilities > CVE-2006-0395 - Unspecified vulnerability in Apple mac OS X and mac OS X Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Exploit-Db
description Mail.App 10.5.0 Image Attachment Command Execution (OS X). CVE-2006-0395. Remote exploit for osx platform id EDB-ID:9929 last seen 2016-02-01 modified 2006-03-01 published 2006-03-01 reporter H D Moore source https://www.exploit-db.com/download/9929/ title Mail.App 10.5.0 - Image Attachment Command Execution OS X description Mail.app Image Attachment Command Execution. CVE-2006-0395,CVE-2007-6165. Remote exploits for multiple platform id EDB-ID:16870 last seen 2016-02-02 modified 2011-03-05 published 2011-03-05 reporter metasploit source https://www.exploit-db.com/download/16870/ title Mail.app Image Attachment Command Execution
Metasploit
description | This module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5. |
id | MSF:EXPLOIT/OSX/EMAIL/MAILAPP_IMAGE_EXEC |
last seen | 2020-01-08 |
modified | 2017-07-24 |
published | 2007-11-26 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/email/mailapp_image_exec.rb |
title | Mail.app Image Attachment Command Execution |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2006-001.NASL |
description | The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications : apache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20990 |
published | 2006-03-02 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20990 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2006-001) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/82307/mailapp_image_exec.rb.txt |
id | PACKETSTORM:82307 |
last seen | 2016-12-05 |
published | 2009-10-28 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/82307/Mail.app-Image-Attachment-Command-Execution.html |
title | Mail.app Image Attachment Command Execution |
References
- http://docs.info.apple.com/article.html?artnum=303382
- http://docs.info.apple.com/article.html?artnum=303382
- http://lists.apple.com/archives/client-management/2006/Mar/msg00030.html
- http://lists.apple.com/archives/client-management/2006/Mar/msg00030.html
- http://secunia.com/advisories/19064
- http://secunia.com/advisories/19064
- http://www.osvdb.org/23645
- http://www.osvdb.org/23645
- http://www.securityfocus.com/bid/16907
- http://www.securityfocus.com/bid/16907
- http://www.us-cert.gov/cas/techalerts/TA06-062A.html
- http://www.us-cert.gov/cas/techalerts/TA06-062A.html
- http://www.vupen.com/english/advisories/2006/0791
- http://www.vupen.com/english/advisories/2006/0791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25027