Details of VAR-200604-0270

ID

VAR-200604-0270

CVE

CVE-2006-1986

TITLE

Apple Safari Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003765

DESCRIPTION

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. Apple Safari There is a service disruption (DoS) There are vulnerabilities that are put into a state.Service disruption by a third party (DoS) There is a possibility of being put into a state. Apple Mac OS X is reported prone to multiple security vulnerabilities. These issue affect Mac OS X and various applications including Safari, Preview, Finder, QuickTime, and BOMArchiveHelper. A remote attacker may exploit these issues to execute arbitrary code and/or trigger a denial-of-service condition. Apple Mac OS X 10.4.6 and prior are reported vulnerable to these issues. When parsing malformed .tiff graphic files, LZWDecodeVector(), _cg_TIFFSetField () or PredictorVSetField () functions do not correctly parse the malformed data, resulting in the failure to open the graphic Application crashes. The vulnerability is triggered by the core .tiff parsing engine, so Preview, Finder, QuickTime, and Safari are all possible attack vectors. 2 When decompressing a specially crafted .zip file, the BOMStackPop () function does not correctly parse the malformed data, resulting in a heap overflow vulnerability. 4 When decompressing a specially crafted .bmp file, the ReadBMP () function does not correctly parse the malformed data, resulting in a heap overflow vulnerability. 5 When decompressing a specially crafted .gif file, the CFAllocatorAllocate () function does not correctly parse the malformed data, resulting in a heap overflow vulnerability. 1) An error exists in the "BOMStackPop()" function in the BOMArchiveHelper when decompressing malformed ZIP archives. 2) Some errors exists in the "KWQListIteratorImpl()", "drawText()", and "objc_msgSend_rtp()" functions in Safari when processing malformed HTML tags. 3) An error exists in the "ReadBMP()" function when processing malformed BMP images and can be exploited via e.g. Safari or the Preview application. 4) An error exists in the "CFAllocatorAllocate()" function when processing malformed GIF images and can be exploited via e.g. Safari when a user visits a malicious web site. 5) Two errors exists in the " _cg_TIFFSetField ()" and "PredictorVSetField()" functions when processing malformed TIFF images and can be exploited via e.g. The vulnerabilities have been reported in version 10.4.6. Other versions may also be affected. SOLUTION: Do not visit untrusted web sites, and do not open ZIP archives or images originating from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Tom Ferris ORIGINAL ADVISORY: Tom Ferris: http://www.security-protocols.com/sp-x25-advisory.php http://www.security-protocols.com/sp-x26-advisory.php http://www.security-protocols.com/sp-x27-advisory.php http://www.security-protocols.com/sp-x28-advisory.php http://www.security-protocols.com/sp-x29-advisory.php http://www.security-protocols.com/sp-x30-advisory.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-1986 // JVNDB: JVNDB-2006-003765 // BID: 17634 // VULHUB: VHN-18094 // PACKETSTORM: 45638

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 2.7
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.6
vendor:	apple	model:	mobile safari	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3

sources: BID: 17634 // JVNDB: JVNDB-2006-003765 // NVD: CVE-2006-1986 // CNNVD: CNNVD-200604-424

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2006-1986
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-200604-424
value:	HIGH
Trust: 0.6
VULHUB:	VHN-18094
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	TRUE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2006-1986
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-18094
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-18094 // JVNDB: JVNDB-2006-003765 // NVD: CVE-2006-1986 // CNNVD: CNNVD-200604-424

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1986

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-424

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200604-424

CONFIGURATIONS

sources: NVD: CVE-2006-1986

EXTERNAL IDS

db:	NVD	id:	CVE-2006-1986	Trust: 2.5
db:	BID	id:	17634	Trust: 2.0
db:	SECUNIA	id:	19686	Trust: 1.8
db:	OSVDB	id:	24823	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1452	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003765	Trust: 0.8
db:	XF	id:	25946	Trust: 0.6
db:	CNNVD	id:	CNNVD-200604-424	Trust: 0.6
db:	VULHUB	id:	VHN-18094	Trust: 0.1
db:	PACKETSTORM	id:	45638	Trust: 0.1

sources: VULHUB: VHN-18094 // BID: 17634 // JVNDB: JVNDB-2006-003765 // PACKETSTORM: 45638 // NVD: CVE-2006-1986 // CNNVD: CNNVD-200604-424

REFERENCES

url:	http://www.security-protocols.com/sp-x26-advisory.php	Trust: 2.1
url:	http://www.securityfocus.com/bid/17634	Trust: 1.7
url:	http://security-protocols.com/poc/sp-x26-1.html	Trust: 1.7
url:	http://www.osvdb.org/24823	Trust: 1.7
url:	http://secunia.com/advisories/19686	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1452	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25946	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1986	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1986	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/25946	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/1452	Trust: 0.6
url:	http://www.security-protocols.com/sp-x29-advisory.php	Trust: 0.4
url:	http://www.security-protocols.com/sp-x30-advisory.php	Trust: 0.4
url:	http://www.security-protocols.com/sp-x28-advisory.php	Trust: 0.4
url:	http://www.security-protocols.com/sp-x27-advisory.php	Trust: 0.4
url:	http://www.security-protocols.com/sp-x25-advisory.php	Trust: 0.4
url:	http://docs.info.apple.com/article.html?artnum=303737	Trust: 0.3
url:	http://www.security-protocols.com/sp-x24-advisory.php	Trust: 0.3
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://www.security-protocols.com/modules.php?name=news&file=article&sid=3233	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.security-protocols.com/modules.php?name=news&file=article&sid=3236	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19686/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-18094 // BID: 17634 // JVNDB: JVNDB-2006-003765 // PACKETSTORM: 45638 // NVD: CVE-2006-1986 // CNNVD: CNNVD-200604-424

CREDITS

Tom Ferris tommy@security-protocols.com

Trust: 0.6

sources: CNNVD: CNNVD-200604-424

SOURCES

db:	VULHUB	id:	VHN-18094
db:	BID	id:	17634
db:	JVNDB	id:	JVNDB-2006-003765
db:	PACKETSTORM	id:	45638
db:	NVD	id:	CVE-2006-1986
db:	CNNVD	id:	CNNVD-200604-424

LAST UPDATE DATE

2023-12-18T10:49:07.006000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-18094	date:	2017-07-20T00:00:00
db:	BID	id:	17634	date:	2006-05-17T19:59:00
db:	JVNDB	id:	JVNDB-2006-003765	date:	2013-12-26T00:00:00
db:	NVD	id:	CVE-2006-1986	date:	2017-07-20T01:31:04.990
db:	CNNVD	id:	CNNVD-200604-424	date:	2006-04-25T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-18094	date:	2006-04-21T00:00:00
db:	BID	id:	17634	date:	2006-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2006-003765	date:	2013-12-26T00:00:00
db:	PACKETSTORM	id:	45638	date:	2006-04-25T22:06:23
db:	NVD	id:	CVE-2006-1986	date:	2006-04-21T22:02:00
db:	CNNVD	id:	CNNVD-200604-424	date:	2005-11-07T00:00:00