CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 1CVE-2013-3952
https://notcve.org/view.php?id=CVE-2013-3952
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. La función fill_pipeinfo en bsd/kern/sys_pipe.c en el XNU kernel en Apple Mac OS X 10.8.x, permite a usuarios locales saltarse el mecanismo de protección KASLR a través de la opción PROC_PIDFDPIPEINFO a la llamada del sistema proc_info para un manejador del kernel tipo "pipe". • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://www.syscan.org/index.php/sg/program/day/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3954
https://notcve.org/view.php?id=CVE-2013-3954
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. La llamada al sistema posix_spawn en el kernel XNU en Apple MAc OS X v10.8.x no valida correctamente los datos para acciones de ficheros y puertos, lo que permite a usuarios locales (1) causar una denegación de servicio mediante un valor de tamaño inconsistente con el campo contador de la cabecera, o (2) obtener información sensible desde la memoria dinámica del kernel mediante un valor de cierto tamaño junto con un búfer especialmente diseñado. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 1CVE-2013-3949
https://notcve.org/view.php?id=CVE-2013-3949
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. La llamada al sistema posix_spawn en el kernel de XNU en Apple Mac OS X v10.8.x no previene el uso de los flags _POSIX_SPAWN_DISABLE_ASLR y _POSIX_SPAWN_ALLOW_DATA_EXEC para programas setuid y setguid, lo que permite a usuarios locales eludir las restricciones de acceso mediante un programa "wrapper" que llama a la función posix_spawnattr_setflags. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://www.syscan.org/index.php/sg/program/day/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3953
https://notcve.org/view.php?id=CVE-2013-3953
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. La función mach_port_space_info en osfmk/ipc/mach_debug.c en el kernel XNU en Apple Mac OS X 10.8.x, no inicializa determinadas estructuras, lo que permite a usuarios locales la obtención de información sensible a través de la memoria dinámica del kernel mediante una llamada manipulada. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2013-0975 – Apple QuickTime PICT Image LongComment Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0975
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer en QuickDraw Manager de Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles the LongComment PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value after it performs some mathematical operations on it. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •