← Back

CVE-2006-1471

nvd nist
Published: Jun 27, 2006Modified: Apr 16, 2026

JSON object

Loading...
4.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.

Affected (14)

Apple
2 products
Mac Os X
Mac Os X Server
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
Version 10.4.1
Mac Os X
Version 10.4.2
Mac Os X
Version 10.4.3
Mac Os X
Version 10.4.4
Mac Os X
Version 10.4.5
Mac Os X
Version 10.4.6
Mac Os X
Version 10.4
Apple
Mac Os X Server
Version 10.4.1
Mac Os X Server
Version 10.4.2
Mac Os X Server
Version 10.4.3
Mac Os X Server
Version 10.4.4
Mac Os X Server
Version 10.4.5
Mac Os X Server
Version 10.4.6
Mac Os X Server
Version 10.4

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (18)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.