Mac OS X Xsan Filesystem Path Name Processing Overflow
2006-08-14T07:49:05
ID: OSVDB:27994
Type: osvdb
Reporter: Andrew Wellington
Modified: 2006-08-14T07:49:05
Description
Vulnerability Description
A local overflow exists in Mac OS X. The included Xsan filesystem driver fails to validate path names, resulting in a buffer overflow. With a specially crafted path name, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
Solution Description
Upgrade to Xsan filesystem driver version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
CVSS
4.6 (AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL)
Affected Software
Mac OS X 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7
References
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=304188
Security Tracker: 1016711
Secunia Advisory ID: 21551 (https://secuniaresearch.flexerasoftware.com/advisories/21551/)
FrSIRT Advisory: ADV-2006-3315
CVE-2006-3506 (https://vulners.com/cve/CVE-2006-3506)
Bugtraq ID: 19579
Related Records

CVE-2006-3506
Source: NVD (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3506)
Published: 2006-08-21T19:04:00
Modified: 2011-03-08T02:38:00
Description
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access to execute arbitrary code via unspecified vectors related to "processing a path name."
This vulnerability is addressed in the following product release: Apple, Xsan, 1.4
CWE: NVD-CWE-Other
CVSS v2: 4.6 (MEDIUM), AV:L/AC:L/Au:N/C:P/I:P/A:P, exploitability score 3.9, impact score 6.4
Affected CPEs
cpe:/a:apple:xsan:1.0
cpe:/a:apple:xsan:1.2
cpe:/a:apple:xsan:1.3
cpe:/o:apple:mac_os_x:10.4.7
cpe:/o:apple:mac_os_x_server:10.4.7

VU:737204
Title: Xsan Filesystem fails to properly process path names
Source: CERT (https://www.kb.cert.org/vuls/id/737204)
Published: 2006-08-21T00:00:00
Modified: 2006-08-21T18:43:00
CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Overview
A buffer overflow vulnerability in Apple's Xsan product may allow a local attacker to run arbitrary code with root privileges or create a denial-of-service condition.
Description
Xsan Filesystem: Xsan (http://www.apple.com/xsan/) is a Storage Area Network (SAN) filesystem designed for use by Apple OS X and OS X Server operating systems.
The Problem: There is a buffer overflow vulnerability in the Xsan filesystem driver that may affect systems directly attached to Xsan. An authenticated user with write access to the filesystem may exploit this vulnerability by creating a file with a specially crafted path name.
Impact
A local, authenticated attacker may be able to execute arbitrary code with system privileges, or create a denial-of-service condition.
Solution
Upgrade: Apple has released Xsan Filesystem 1.4 (http://docs.info.apple.com/article.html?artnum=304188) to address this vulnerability.
Restrict Write Access: Only allowing trusted users write access to the Xsan Filesystem may mitigate this vulnerability. The Xsan Administrator's Guide (http://manuals.info.apple.com/en/xsan/XsanAdminGuide.pdf) has instructions on how to restrict a client to read-only access.
Vendor Information
Apple Computer, Inc.: Affected (Updated: August 21, 2006)
Vendor Statement: We have not received a statement from the vendor.
Vendor Information: The vendor has not provided us with any further information regarding this vulnerability.
Addendum: Refer to http://docs.info.apple.com/article.html?artnum=304188 for more details.
References
http://docs.info.apple.com/article.html?artnum=304188
http://secunia.com/advisories/21551/
Acknowledgements
This vulnerability was reported by Apple, who credit Andrew Wellington of The Australian National University for reporting this vulnerability.
This document was written by Ryan Giobbi.
Other Information
CVE IDs: CVE-2006-3506 (http://web.nvd.nist.gov/vuln/detail/CVE-2006-3506)
Severity Metric: 0.31
Date Public: 2006-08-17
Date First Published: 2006-08-21
Date Last Updated: 2006-08-21 18:43 UTC
Document Revision: 25