Vulnerabilities > CVE-2006-1442 - Multiple vulnerability in Apple Mac OS X Security Update 2006-003
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle. This vulnerability is addressed in the following product release: Apple, Mac OS X, 10.4.6 (2006-003)
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2006-003.NASL |
description | The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21341 |
published | 2006-05-12 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21341 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) |
code |
|
References
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/20077
- http://securitytracker.com/id?1016080
- http://www.osvdb.org/25586
- http://www.securityfocus.com/bid/17951
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26407