CVSS: 5.1EPSS: 6%CPEs: 1EXPL: 0CVE-2006-4402
https://notcve.org/view.php?id=CVE-2006-4402
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. Desbordamiento de búfer basados en pila en el Finder del Apple Mac OS X 10.4.8 y versiones anteriores, permite a atacantes con la intervención del usuario ejecutar código de su elección mirando los directorios que contienen ficheros .DS_Store manipulados. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017304 http://www.kb.cert.org/vuls/id/258744 http://www.osvdb.org/30735 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 https://exchange.xforce.ibmcloud.com/vulnerabilities/30617 •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2006-4407
https://notcve.org/view.php?id=CVE-2006-4407
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. El subsistema de seguridad de Apple Mac OS X 10.3.x hasta 10.3.9 no prioriza adecuadamente el cifrado de encriptación cuando negocia cifrado compartido fuerte, lo cual provoca Transporte Seguro al usuario, un cifrado más débil que facilita a atacantes remotos desencriptar el tráfico. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017298 http://www.kb.cert.org/vuls/id/734032 http://www.osvdb.org/30731 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4404
https://notcve.org/view.php?id=CVE-2006-4404
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. El instalador de aplicaciones en Apple Mac OS X 10.4.8 y anteriores, al ser usado por un usuario con credenciales de administrador, no verifica el usuario antes de instalar cierto software que requiere privilegios de sistema. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017304 http://www.osvdb.org/30733 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •
CVSS: 9.3EPSS: 92%CPEs: 6EXPL: 0CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://secunia.com/advisories& • CWE-415: Double Free •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2006-4887
https://notcve.org/view.php?id=CVE-2006-4887
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. Apple Remote Desktop (ARD) para Mac OS X 10.2.8 y posteriores no quita privilegios en la máquina remota al instalar ciertas aplicaciones, lo cual permite a usuarios locales evitar la autenticación y obtener privilegios seleccionando el icono durante la instalación. NOTA: Se podría discutir que esta vulnerabilidad no se produce en el mismo Remote Desktop, si no en aplicaciones que son instaladas cuando se está usando. • http://www.osvdb.org/32260 http://www.securityfocus.com/archive/1/446371/100/0/threaded http://www.securityfocus.com/archive/1/446751/100/0/threaded http://www.securityfocus.com/archive/1/447043/100/0/threaded http://www.securityfocus.com/bid/20092 https://exchange.xforce.ibmcloud.com/vulnerabilities/29060 •