Details of VAR-200510-0403

ID

VAR-200510-0403

CVE

CVE-2006-1458

TITLE

Ruby safe-level security model bypass

Trust: 0.8

sources: CERT/CC: VU#160012

DESCRIPTION

Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple Quicktime Has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. CVE-2006-1461 An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1462, CVE-2006-1463 An attacker can create a specially crafted H.264 movie to trigger integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1464 An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1465 An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1453, CVE-2006-1454 QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics. CVE-2006-2238 An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service. TITLE: Mandriva update for ruby SECUNIA ADVISORY ID: SA17285 VERIFY ADVISORY: http://secunia.com/advisories/17285/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Mandrake Corporate Server 2.x http://secunia.com/product/1222/ Mandrakelinux 10.1 http://secunia.com/product/4198/ DESCRIPTION: Mandriva has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA16904 SOLUTION: Apply updated packages. Mandrakelinux 10.1: 013e98f0b0a09acd8c48b5d438c4e151 10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm 479e965b6302bd0e74b8699f0a7b9f46 10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm b5654a6d4bab0b5a33e3e65fdb8bab52 10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm 2294bfd6f57ebc2cc6eb353e4a62a4b5 10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm 5407dfbbb45af31d3ffa53f120773f77 10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm Mandrakelinux 10.1/X86_64: b8347f871a62a176f049cbe010e298ce x86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm b9ac7ecba0bc317869795146cf3cc5a4 x86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm 7803195d658cdf63324f8bf54753018e x86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm 0f6cb61b12453673ef4a7fb99b6069af x86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm 5407dfbbb45af31d3ffa53f120773f77 x86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm Corporate Server 2.1: 2aa9219b24bbcf8673df418eb373881b corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm e5b4282401bf2c0794d14b52d7c6c319 corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm e72d411868d4ca8d7a05ba2e0baee926 corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm c795d629e28719f7fe1e8a1619805fdc corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm 61457cb16d1b24e1c31a10c687af94ef corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm Corporate Server 2.1/X86_64: d477751b1302ec7c5f271fe9597216fa x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm b7ac888d722dc6fb8c5b9b9207e34ea3 x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm 27a29077b76158382c514b965fdf614f x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm 0e4752d11d67acdabc4561c37c41511e x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm 61457cb16d1b24e1c31a10c687af94ef x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2005:191 OTHER REFERENCES: SA16904: http://secunia.com/advisories/16904/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2006-1458 // CERT/CC: VU#160012 // CERT/CC: VU#289705 // JVNDB: JVNDB-2006-000965 // BID: 17953 // VULHUB: VHN-17566 // PACKETSTORM: 40845

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.4	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 1.6
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ruby	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	lt	version:	7.1	Trust: 0.8
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	7.1	Trust: 0.3

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // BID: 17953 // CNNVD: CNNVD-200510-060 // JVNDB: JVNDB-2006-000965 // NVD: CVE-2006-1458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1458
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#160012
value:	2.57
Trust: 0.8
CARNEGIE MELLON:	VU#289705
value:	17.71
Trust: 0.8
NVD:	CVE-2006-1458
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200510-060
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-17566
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-1458
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-17566
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // VULHUB: VHN-17566 // CNNVD: CNNVD-200510-060 // JVNDB: JVNDB-2006-000965 // NVD: CVE-2006-1458

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.1

sources: VULHUB: VHN-17566 // NVD: CVE-2006-1458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200510-060

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200510-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000965

PATCH

title:	TA24130	url:	http://support.apple.com/kb/TA24130	Trust: 0.8
title:	TA24130	url:	http://support.apple.com/kb/TA24130?viewlocale=ja_JP	Trust: 0.8
title:	TA06-132B	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta06-132b.html	Trust: 0.8

sources: JVNDB: JVNDB-2006-000965

EXTERNAL IDS

db:	NVD	id:	CVE-2006-1458	Trust: 2.8
db:	CERT/CC	id:	VU#289705	Trust: 2.7
db:	BID	id:	17953	Trust: 2.2
db:	SECUNIA	id:	20069	Trust: 1.9
db:	USCERT	id:	TA06-132B	Trust: 1.9
db:	SECTRACK	id:	1016067	Trust: 1.9
db:	SECUNIA	id:	16904	Trust: 1.4
db:	CERT/CC	id:	VU#160012	Trust: 1.4
db:	VUPEN	id:	ADV-2006-1778	Trust: 1.1
db:	XF	id:	26391	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-000965	Trust: 0.8
db:	CNNVD	id:	CNNVD-200510-060	Trust: 0.7
db:	SECUNIA	id:	17285	Trust: 0.7
db:	SECUNIA	id:	17094	Trust: 0.6
db:	SECUNIA	id:	17147	Trust: 0.6
db:	SECUNIA	id:	17129	Trust: 0.6
db:	SECUNIA	id:	20077	Trust: 0.6
db:	SECUNIA	id:	17098	Trust: 0.6
db:	SECUNIA	id:	19130	Trust: 0.6
db:	DEBIAN	id:	DSA-860	Trust: 0.6
db:	DEBIAN	id:	DSA-862	Trust: 0.6
db:	DEBIAN	id:	DSA-864	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2006-05-11	Trust: 0.6
db:	SECTRACK	id:	1014948	Trust: 0.6
db:	SUSE	id:	SUSE-SR:2006:005	Trust: 0.6
db:	USCERT	id:	TA06-132A	Trust: 0.6
db:	BID	id:	17951	Trust: 0.6
db:	BID	id:	14909	Trust: 0.6
db:	XF	id:	22360	Trust: 0.6
db:	GENTOO	id:	GLSA-200510-05	Trust: 0.6
db:	SREASON	id:	59	Trust: 0.6
db:	CERT/CC	id:	TA06-132A	Trust: 0.6
db:	VUPEN	id:	ADV-2006-1779	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2005:191	Trust: 0.6
db:	UBUNTU	id:	USN-195-1	Trust: 0.6
db:	REDHAT	id:	RHSA-2005:799	Trust: 0.6
db:	VULHUB	id:	VHN-17566	Trust: 0.1
db:	PACKETSTORM	id:	40845	Trust: 0.1

sources: CERT/CC: VU#160012 // CERT/CC: VU#289705 // VULHUB: VHN-17566 // BID: 17953 // PACKETSTORM: 40845 // CNNVD: CNNVD-200510-060 // JVNDB: JVNDB-2006-000965 // NVD: CVE-2006-1458

REFERENCES

url:	http://www.securityfocus.com/bid/17953	Trust: 1.9
url:	http://www.us-cert.gov/cas/techalerts/ta06-132b.html	Trust: 1.9
url:	http://www.kb.cert.org/vuls/id/289705	Trust: 1.9
url:	http://securitytracker.com/id?1016067	Trust: 1.9
url:	http://secunia.com/advisories/20069	Trust: 1.9
url:	http://www.ruby-lang.org/en/20051003.html	Trust: 1.4
url:	http://jvn.jp/jp/jvn%2362914675/index.html	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2006/may/msg00002.html	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/1778	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26391	Trust: 1.1
url:	http://secunia.com/advisories/16904/	Trust: 0.9
url:	http://www.rubycentral.com/book/taint.html	Trust: 0.8
url:	http://www.apple.com/support/downloads/quicktime71.html	Trust: 0.8
url:	http://docs.info.apple.com/article.html?artnum=303752	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1458	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/1778	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/26391	Trust: 0.8
url:	http://jvn.jp/cert/jvnta06-132b/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1458	Trust: 0.8
url:	http://www.mandriva.com/security/advisories?name=mdksa-2005:191	Trust: 0.7
url:	http://www.us-cert.gov/cas/techalerts/ta06-132a.html	Trust: 0.6
url:	http://www.kb.cert.org/vuls/id/160012	Trust: 0.6
url:	http://secunia.com/advisories/16904	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/22360	Trust: 0.6
url:	http://www.ubuntu.com/usn/usn-195-1	Trust: 0.6
url:	http://www.securitytracker.com/alerts/2005/sep/1014948.html	Trust: 0.6
url:	http://www.securityfocus.com/bid/17951	Trust: 0.6
url:	http://www.securityfocus.com/bid/14909	Trust: 0.6
url:	http://www.redhat.com/support/errata/rhsa-2005-799.html	Trust: 0.6
url:	http://www.novell.com/linux/security/advisories/2006_05_sr.html	Trust: 0.6
url:	http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1779	Trust: 0.6
url:	http://www.debian.org/security/2005/dsa-864	Trust: 0.6
url:	http://www.debian.org/security/2005/dsa-862	Trust: 0.6
url:	http://www.debian.org/security/2005/dsa-860	Trust: 0.6
url:	http://secunia.com/advisories/20077	Trust: 0.6
url:	http://secunia.com/advisories/19130	Trust: 0.6
url:	http://secunia.com/advisories/17285	Trust: 0.6
url:	http://secunia.com/advisories/17147	Trust: 0.6
url:	http://secunia.com/advisories/17129	Trust: 0.6
url:	http://secunia.com/advisories/17098	Trust: 0.6
url:	http://secunia.com/advisories/17094	Trust: 0.6
url:	http://lists.apple.com/archives/security-announce/2006/may/msg00003.html	Trust: 0.6
url:	http://securityreason.com/securityalert/59	Trust: 0.6
url:	http://docs.info.apple.com/article.html?artnum=303752	Trust: 0.3
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	/archive/1/433850	Trust: 0.3
url:	/archive/1/433810	Trust: 0.3
url:	/archive/1/433828	Trust: 0.3
url:	http://secunia.com/product/4198/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/17285/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/1222/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

Mike PriceATmaCA atmaca@atmacasoft.com http://www.zerodayinitiative.com/ Sowhat smaillist@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200510-060

SOURCES

db:	CERT/CC	id:	VU#160012
db:	CERT/CC	id:	VU#289705
db:	VULHUB	id:	VHN-17566
db:	BID	id:	17953
db:	PACKETSTORM	id:	40845
db:	CNNVD	id:	CNNVD-200510-060
db:	JVNDB	id:	JVNDB-2006-000965
db:	NVD	id:	CVE-2006-1458

LAST UPDATE DATE

2025-11-28T20:56:00.564000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#160012	date:	2005-12-16T00:00:00
db:	CERT/CC	id:	VU#289705	date:	2006-05-17T00:00:00
db:	VULHUB	id:	VHN-17566	date:	2017-07-20T00:00:00
db:	BID	id:	17953	date:	2006-05-15T22:29:00
db:	CNNVD	id:	CNNVD-200510-060	date:	2007-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2006-000965	date:	2009-04-03T00:00:00
db:	NVD	id:	CVE-2006-1458	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#160012	date:	2005-10-05T00:00:00
db:	CERT/CC	id:	VU#289705	date:	2006-05-12T00:00:00
db:	VULHUB	id:	VHN-17566	date:	2006-05-12T00:00:00
db:	BID	id:	17953	date:	2006-05-11T00:00:00
db:	PACKETSTORM	id:	40845	date:	2005-10-24T22:35:49
db:	CNNVD	id:	CNNVD-200510-060	date:	2005-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2006-000965	date:	2009-04-03T00:00:00
db:	NVD	id:	CVE-2006-1458	date:	2006-05-12T20:06:00