CVE-2006-6061
First published: Wed Nov 22 2006(Updated: )
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Server | =10.4.8 | |
| Apple iOS and macOS | =10.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://projects.info-pull.com/mokb/MOKB-20-11-2006.html
- http://www.securityfocus.com/bid/21201
- http://securitytracker.com/id?1017260
- http://secunia.com/advisories/23012
- http://www.kb.cert.org/vuls/id/367424
- http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html
- http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/
- http://alastairs-place.net/2006/11/dmg-vulnerability/
- http://www.osvdb.org/30509
- http://docs.info.apple.com/article.html?artnum=305214
- http://www.securitytracker.com/id?1017751
- http://secunia.com/advisories/24479
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2006/4629
- http://www.vupen.com/english/advisories/2007/0930
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30440
Frequently Asked Questions
What is the severity of CVE-2006-6061?
The severity of CVE-2006-6061 has been disputed, with some arguing that it can lead to critical issues due to remote code execution.
How do I fix CVE-2006-6061?
To fix CVE-2006-6061, ensure that you upgrade to a version of macOS that is patched against this vulnerability.
What versions of macOS are affected by CVE-2006-6061?
CVE-2006-6061 affects Apple Mac OS X 10.4.8 and potentially other versions.
What is the impact of CVE-2006-6061?
The impact of CVE-2006-6061 includes potential arbitrary code execution due to memory corruption triggered by malicious DMG images.
Who can exploit CVE-2006-6061?
Remote attackers can exploit CVE-2006-6061 by using malformed DMG images to execute arbitrary code on vulnerable systems.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-historical
- vendor/apple
- product/mac os x server
- canonical/apple mac os x server
- product/mac os x
- canonical/apple mac os x
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/apple macos server
- version/apple macos server/10.4.8
- canonical/apple ios and macos
- version/apple ios and macos/10.4.8