APPLE-SA-2006-05-11

20077

1016081

25591

17951

TA06-132A

ADV-2006-1779

macos-launchservices-security-bypass(26416)

The remote host is running Apple Mac OS X, but lacks Security Update 2006-003.

This security update contains fixes for the following applications :

AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari

The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications :
AppKit
ImageIO
BOM
CFNetwork
ClamAV (Mac OS X Server only)
CoreFoundation
CoreGraphics
Finder
FTPServer
Flash Player
KeyChain
LaunchServices
libcurl
Mail
MySQL Manager (Mac OS X Server only)
Preview
QuickDraw
QuickTime Streaming Server
Ruby
Safari

The remote Mac OS X host is running a version of Quicktime prior to 7.1.  The remote version of Quicktime is vulnerable to various integer and buffer overflows involving specially-crafted image and media files.  An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having it opened using QuickTime player.

The remote host is using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. To exploit, an attacker would have to set up a rogue web server and entice a curl user into browsing to the malicious server.  Upon successful exploitation, the attacker would be able to execute arbitrary commands with the rights of the web server.

The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications :
- Apache2
- Apache_mod_ssl
- CoreFoundation
- curl
- iodbcadmintool
- OpenSSL
- passwordserver
- Safari
- sudo
- syslog

The remote host is using a version of curl (or libcurl) that is vulnerable to a remote buffer overflows. To exploit, an attacker would have to set up a rogue web server that would reply with a malicious NTLM authentication request.  Upon successful exploitation, the attacker would be able to execute arbitrary commands with the rights of the web server.

The remote host is using a version of wget that contains a flaw in the way that it handles NTLM authentication data.  Specifically, a rogue website that returns malformed data during an NTLM authentication session will be able to execute arbitrary code on the local client machine.

The remote host is running ClamAV, an antivirus application. There are a number of flaws that affect this version of ClamAV, and the vendor recommends upgrading to version 0.88.1 or higher.

ID	Name	Product	Family	Severity
21341	Mac OS X Multiple Vulnerabilities (Security Update 2006-003)	Nessus	MacOS X Local Security Checks	critical
3617	Mac OS X Multiple Vulnerabilities (Security Update 2006-003)	Nessus Network Monitor	Operating System Detection	medium
3616	Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
3318	Curl < 7.15.1 Multiple Remote Overflows	Nessus Network Monitor	Web Clients	critical
3308	Mac OS X Multiple Vulnerabilities (Security Update 2005-009)	Nessus Network Monitor	Operating System Detection	medium
3256	Curl NTLM Buffer Overflow	Nessus Network Monitor	Web Clients	medium
3255	GNU WGet < 1.10.2 Buffer Overflow	Nessus Network Monitor	Web Clients	medium
3505	ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	Web Clients	medium
801390	Curl NTLM Buffer Overflow	Log Correlation Engine	Web Clients	high
801386	Curl <= 7.15.0 Multiple Remote Overflows	Log Correlation Engine	Web Clients	high
801197	Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800982	GNU WGet < 1.10.2 Buffer Overflow	Log Correlation Engine	Web Clients	high
800798	Mac OS X Multiple Vulnerabilities (Security Update 2005-009)	Log Correlation Engine	Operating System Detection	high

CVE-2006-1447

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins