CVE-2006-3500 - OpenCVE

The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
http://secunia.com/advisories/21253
http://www.osvdb.org/27738
http://www.securityfocus.com/bid/19289
http://www.us-cert.gov/cas/techalerts/TA06-214A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/3101
https://exchange.xforce.ibmcloud.com/vulnerabilities/28141

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-03T01:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-07-10T00:00:00

Link: CVE-2006-3500

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-03T01:04:00.000

Modified: 2017-07-20T01:32:21.227

Link: CVE-2006-3500

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an \"improperly handled condition\" that leads to use of \"dangerous paths,\" probably related to an untrusted search path vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2006-08-01", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"name": "ADV-2006-3101", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"name": "21253", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21253"}, {"name": "macosx-dyld-privilege-escalation(28141)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28141"}, {"name": "19289", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19289"}, {"name": "TA06-214A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"name": "27738", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27738"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an \"improperly handled condition\" that leads to use of \"dangerous paths,\" probably related to an untrusted search path vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2006-08-01", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"name": "ADV-2006-3101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"name": "21253", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21253"}, {"name": "macosx-dyld-privilege-escalation(28141)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28141"}, {"name": "19289", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19289"}, {"name": "TA06-214A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"name": "27738", "refsource": "OSVDB", "url": "http://www.osvdb.org/27738"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3500", "datePublished": "2006-08-03T01:00:00", "dateReserved": "2006-07-10T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8AC9692A-CE81-446D-B136-449662C4B9A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an \"improperly handled condition\" that leads to use of \"dangerous paths,\" probably related to an untrusted search path vulnerability."}, {"lang": "es", "value": "El enlazador din\u00e1mico (dyld) en Apple Mac OS X 10.4.7 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una \"condici\u00f3n de manejo incorrecta\" que conduce al uso de \"parches peligrosos\", posiblemente relacionados con una vulnerabilidad del camino de b\u00fasqueda no confiable en un fichero."}], "id": "CVE-2006-3500", "lastModified": "2017-07-20T01:32:21.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-03T01:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21253"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27738"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19289"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3101"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28141"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}