CVE-2006-4399
https://notcve.org/view.php?id=CVE-2006-4399
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
References:
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016958
http://www.kb.cert.org/vuls/id/847468
http://www.osvdb.org/29276
http://www.securityfocus.com/bid/20271
http://www.us-cert.gov/cas/techalerts/TA06-275A.html
http://www.vupen.com/english/advisories/2006/3852
https://exchange.xforce.ibmcloud.com/vulnerabilities/29302

CVE-2006-4395
https://notcve.org/view.php?id=CVE-2006-4395
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."
References:
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016956
http://www.kb.cert.org/vuls/id/346396
http://www.osvdb.org/29274
http://www.securityfocus.com/bid/20271
http://www.us-cert.gov/cas/techalerts/TA06-275A.html
http://www.vupen.com/english/advisories/2006/3852
https://exchange.xforce.ibmcloud.com/vulnerabilities/29299

CVE-2006-4387
https://notcve.org/view.php?id=CVE-2006-4387
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.
References:
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016955
http://www.osvdb.org/29273
http://www.securityfocus.com/bid/20271
http://www.vupen.com/english/advisories/2006/3852
https://exchange.xforce.ibmcloud.com/vulnerabilities/29296

CVE-2006-4391
https://notcve.org/view.php?id=CVE-2006-4391
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.
References:
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016953
http://www.kb.cert.org/vuls/id/546772
http://www.osvdb.org/29268
http://www.securityfocus.com/bid/20271
http://www.us-cert.gov/cas/techalerts/TA06-275A.html
http://www.vupen.com/english/advisories/2006/3852
https://exchange.xforce.ibmcloud.com/vulnerabilities/29280

CVE-2006-4393
https://notcve.org/view.php?id=CVE-2006-4393
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
References:
http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
http://secunia.com/advisories/22187
http://securitytracker.com/id?1016959
http://www.osvdb.org/29271
http://www.securityfocus.com/bid/20271
http://www.vupen.com/english/advisories/2006/3852
https://exchange.xforce.ibmcloud.com/vulnerabilities/29290