Apple Mac OS X Server vulnerabilities

654 known vulnerabilities affecting apple/mac_os_x_server.

Total CVEs: 654
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59

Vulnerabilities

Page 25 of 33
CVE-2006-0395 | MEDIUM | CVSS 5.1 | PoC | v10.4.5 | 2006-08-05
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
nvd
CVE-2006-3505 | HIGH | CVSS 7.5 | v10.3.9, v10.4.7 | 2006-08-03
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
nvd
CVE-2006-3500 | HIGH | CVSS 7.2 | v10.4.7 | 2006-08-03
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
nvd
CVE-2006-3503 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
nvd
CVE-2006-3504 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
nvd
CVE-2006-0393 | MEDIUM | CVSS 4.0 | v10.4.7 | 2006-08-03
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
nvd
CVE-2006-0392 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
nvd
CVE-2006-3501 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
nvd
CVE-2006-3502 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
nvd
CVE-2006-3499 | LOW | CVSS 2.1 | v10.3.9 | 2006-08-03
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.
nvd
CVE-2006-3498 | CRITICAL | CVSS 10.0 | v10.3.9, v10.4.7 | 2006-08-02
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
nvd
CVE-2006-3497 | MEDIUM | CVSS 5.1 | v10.3.9, v10.4.7 | 2006-08-02
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
nvd
CVE-2006-1472 | MEDIUM | CVSS 5.0 | v10.3.9 | 2006-08-02
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
nvd
CVE-2006-3496 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.7 | 2006-08-02
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
nvd
CVE-2006-1473 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.7 | 2006-08-02
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
nvd
CVE-2006-3495 | LOW | CVSS 2.1 | v10.3.9, v10.4.7 | 2006-08-02
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
nvd
CVE-2006-3356 | LOW | CVSS 2.6 | ≤ 10.4.7 | 2006-07-06
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
nvd
CVE-2006-1469 | HIGH | CVSS 7.5 | CWE-119 | v10.4, v10.4.1, +5 more | 2006-06-27
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.
nvd
CVE-2006-1471 | MEDIUM | CVSS 4.6 | CWE-134 | v10.4, v10.4.1, +5 more | 2006-06-27
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.
nvd
CVE-2006-1470 | MEDIUM | CVSS 5.0 | PoC | CWE-399 | v10.4, v10.4.1, +5 more | 2006-06-27
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
nvd