ID CVE-2006-0387 Type cve Reporter cve@mitre.org Modified 2017-07-20T01:29:00
Description
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
{"cert": [{"lastseen": "2019-05-29T20:43:46", "bulletinFamily": "info", "description": "### Overview \n\nApple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description \n\n**Safari **\n\nApple [Safari](<http://www.apple.com/safari/>) is a web browser that comes with the [Mac OS X](<http://www.apple.com/macosx/>) operating system. \n \n**The Problem** \n \nApple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari. \n \n--- \n \n### Impact \n\nA remote attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution \n\n**Install an update**\n\nThis issue is corrected in [Apple Security Update 2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n \n--- \n \n**Disable JavaScript in Safari**\n\n \nFor instructions on how to disable JavaScript in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#Safari>) document. \n \n--- \n \n### Vendor Information\n\n176732\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Apple Computer, Inc.\n\nUpdated: March 03, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://docs.info.apple.com/article.html?artnum=303382>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23176732 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://docs.info.apple.com/article.html?artnum=303382>\n * <http://secunia.com/advisories/19064/>\n\n### Acknowledgements\n\nThis issue was reported in Apple Security Update 2006-001 \n\nThis document was written by Jeff Gennari \n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-0387](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387>) \n---|--- \n**Severity Metric:****** | 17.21 \n**Date Public:** | 2006-03-02 \n**Date First Published:** | 2006-03-03 \n**Date Last Updated: ** | 2006-03-03 15:02 UTC \n**Document Revision: ** | 10 \n", "modified": "2006-03-03T15:02:00", "published": "2006-03-03T00:00:00", "id": "VU:176732", "href": "https://www.kb.cert.org/vuls/id/176732", "type": "cert", "title": "Apple Safari vulnerable to buffer overflow", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "description": "## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=303382)\nSecurity Tracker: 1015713\n[Secunia Advisory ID:19064](https://secuniaresearch.flexerasoftware.com/advisories/19064/)\n[Related OSVDB ID: 23639](https://vulners.com/osvdb/OSVDB:23639)\n[Related OSVDB ID: 23646](https://vulners.com/osvdb/OSVDB:23646)\n[Related OSVDB ID: 23636](https://vulners.com/osvdb/OSVDB:23636)\n[Related OSVDB ID: 23640](https://vulners.com/osvdb/OSVDB:23640)\n[Related OSVDB ID: 23641](https://vulners.com/osvdb/OSVDB:23641)\n[Related OSVDB ID: 23642](https://vulners.com/osvdb/OSVDB:23642)\n[Related OSVDB ID: 23643](https://vulners.com/osvdb/OSVDB:23643)\n[Related OSVDB ID: 23648](https://vulners.com/osvdb/OSVDB:23648)\n[Related OSVDB ID: 23649](https://vulners.com/osvdb/OSVDB:23649)\n[Related OSVDB ID: 23638](https://vulners.com/osvdb/OSVDB:23638)\n[Related OSVDB ID: 23644](https://vulners.com/osvdb/OSVDB:23644)\n[Related OSVDB ID: 23645](https://vulners.com/osvdb/OSVDB:23645)\n[Related OSVDB ID: 23647](https://vulners.com/osvdb/OSVDB:23647)\nNews Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394\n[CVE-2006-0387](https://vulners.com/cve/CVE-2006-0387)\n", "modified": "2006-02-28T06:02:40", "published": "2006-02-28T06:02:40", "href": "https://vulners.com/osvdb/OSVDB:23637", "id": "OSVDB:23637", "title": "Apple Safari JavaScript Processing Unspecified Overflow", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:09:01", "bulletinFamily": "scanner", "description": "The remote host is running Apple Mac OS X, but lacks Security Update 2006-001.\n\nThis security update contains fixes for the following applications :\n\napache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SECUPD2006-001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20990", "published": "2006-03-02T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2006-001)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20990);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-2713\", \"CVE-2005-2714\", \"CVE-2005-3319\", \"CVE-2005-3353\", \"CVE-2005-3391\",\n \"CVE-2005-3392\", \"CVE-2005-3706\", \"CVE-2005-3712\", \"CVE-2005-4217\", \"CVE-2005-4504\",\n \"CVE-2006-0383\", \"CVE-2006-0384\", \"CVE-2006-0386\", \"CVE-2006-0387\", \"CVE-2006-0388\",\n \"CVE-2006-0389\", \"CVE-2006-0391\", \"CVE-2006-0395\", \"CVE-2006-0848\");\n script_bugtraq_id(16736, 16907);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2006-001)\");\n script_summary(english:\"Check for Security Update 2006-001\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote operating system is missing a vendor-supplied patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Apple Mac OS X, but lacks\nSecurity Update 2006-001.\n\nThis security update contains fixes for the following\napplications :\n\napache_mod_php\nautomount\nBom\nDirectory Services\niChat\nIPSec\nLaunchServices\nLibSystem\nloginwindow\nMail\nrsync\nSafari\nSyndication\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=303382\");\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 :\nhttp://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html\nhttp://www.apple.com/support/downloads/securityupdate2006001macosx1045intel.html\n\nMac OS X 10.3 :\nhttp://www.apple.com/support/downloads/securityupdate20060011039client.html\nhttp://www.apple.com/support/downloads/securityupdate20060011039server.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Archive Metadata Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-5]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2006-00[123467]|2007-003)\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
