CVE-2006-6061
https://notcve.org/view.php?id=CVE-2006-6061
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address. com.apple.AppleDiskImagecontroller en Apple Mac OS X 10.4.8, y posiblemente otras versiones, permite a atacantes remotos ejecutar código de su elección mediante una imagen DMG mal formada que provoca una corrupción de memoria. NOTA: la severidad de este asunto ha sido impugnada por una tercera parte, la cual afirma que el impacto está limitado a una denegación de servicio (error irrecuperable en el núcleo del sistema, kernel panic) debido a una llamada vm_faultcon una dirección no alineada. • http://alastairs-place.net/2006/11/dmg-vulnerability http://docs.info.apple.com/article.html?artnum=305214 http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://projects.info-pull.com/mokb/MOKB-20-11-2006.html http://secunia.com/advisories/23012 http://secunia.com/advisories/24479 http://securitytracker.com/id?1017260 http://www.kb.cert.org/vuls/id/367424 http://ww •
CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://secunia.com/advisories& • CWE-415: Double Free •
CVE-2006-3507 – Apple Mac OSX 10.x - AirPort Wireless Driver Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-3507
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. Múltiples desbordamientos de búfer basados en pila en el controlador wireless AirPort en Apple Mac OS X 10.3.9 y 10.4.7 permiten a atacantes físicamente próximos ejecutar código de su elección inyectando tramas artesanales dentro de la red wireless. • https://www.exploit-db.com/exploits/28643 http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html http://secunia.com/advisories/22068 http://securitytracker.com/id?1016903 http://www.kb.cert.org/vuls/id/867796 http://www.securityfocus.com/bid/20144 http://www.vupen.com/english/advisories/2006/3737 •
CVE-2006-3509
https://notcve.org/view.php?id=CVE-2006-3509
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. Desbordamiento de enteros en la API para el controlador de AirPort Wireless sobre Apple Mac OS X 10.4.7 que permitirían a un atacante cercano fisicamente provocar denegación de serivicio(caida) o ejecutar código de su elección con un software de terceros que utiliza el API a través de marcos artesanales. • http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html http://secunia.com/advisories/22068 http://securitytracker.com/id?1016903 http://www.kb.cert.org/vuls/id/563492 http://www.securityfocus.com/bid/20144 http://www.vupen.com/english/advisories/2006/3737 •
CVE-2006-3508
https://notcve.org/view.php?id=CVE-2006-3508
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. Desbordamiento de búfer basado en montón en el controlador wireless AirPort en Apple Mac OS X 10.4.7 permite a atacantes físicamente próximos provocar una denegación de servicio (caída), obteniendo privilegios, y ejecutando código de su elección mediante una trama artesanal que no es manejada adecuadamente durante las actualizaciones de escaneo de cache. • http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html http://secunia.com/advisories/22068 http://securitytracker.com/id?1016903 http://www.kb.cert.org/vuls/id/589540 http://www.securityfocus.com/bid/20144 http://www.vupen.com/english/advisories/2006/3737 •