CVE-2006-4407 - OpenCVE

The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.8:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://secunia.com/advisories/23155
http://securitytracker.com/id?1017298
http://www.kb.cert.org/vuls/id/734032
http://www.osvdb.org/30731
http://www.securityfocus.com/bid/21335
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vupen.com/english/advisories/2006/4750

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-30T16:00:00

Updated: 2024-08-07T19:06:07.657Z

Reserved: 2006-08-28T00:00:00

Link: CVE-2006-4407

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-30T16:28:00.000

Modified: 2011-03-08T02:40:52.703

Link: CVE-2006-4407

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-12-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4750", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "30731", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30731"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "21335", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21335"}, {"name": "VU#734032", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/734032"}, {"name": "1017298", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017298"}, {"name": "23155", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23155"}, {"name": "APPLE-SA-2006-11-28", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "TA06-333A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4407", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4750", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "30731", "refsource": "OSVDB", "url": "http://www.osvdb.org/30731"}, {"name": "http://docs.info.apple.com/article.html?artnum=304829", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "21335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21335"}, {"name": "VU#734032", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/734032"}, {"name": "1017298", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017298"}, {"name": "23155", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23155"}, {"name": "APPLE-SA-2006-11-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "TA06-333A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.657Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4750", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "30731", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30731"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "21335", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21335"}, {"name": "VU#734032", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/734032"}, {"name": "1017298", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017298"}, {"name": "23155", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23155"}, {"name": "APPLE-SA-2006-11-28", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "TA06-333A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4407", "datePublished": "2006-11-30T16:00:00", "dateReserved": "2006-08-28T00:00:00", "dateUpdated": "2024-08-07T19:06:07.657Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFDADE04-29F0-446B-824B-0518880CF0A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED9BE602-A740-4CF7-9CAF-59061B16AB31", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "33E698C1-C313-40E6-BAF9-7C8F9CF02484", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "421079DA-B605-4E05-9454-C30CF7631CF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "93B734BA-3435-40A9-B22B-5D56CEB865A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "30897327-44DD-4D6C-B8B6-2D66C44EA55D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "B79D8F73-2E78-4A67-96BB-21AD9BCB0094", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic."}, {"lang": "es", "value": "El subsistema de seguridad de Apple Mac OS X 10.3.x hasta 10.3.9 no prioriza adecuadamente el cifrado de encriptaci\u00f3n cuando negocia cifrado compartido fuerte, lo cual provoca Transporte Seguro al usuario, un cifrado m\u00e1s d\u00e9bil que facilita a atacantes remotos desencriptar el tr\u00e1fico."}], "id": "CVE-2006-4407", "lastModified": "2011-03-08T02:40:52.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-30T16:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23155"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017298"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/734032"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/30731"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21335"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4750"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}