CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 1CVE-2013-3951
https://notcve.org/view.php?id=CVE-2013-3951
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. sys/OpenBSD/stack_protector.c en libc en Apple iOS v6.1.3 y Mac OS X v10.8.x no analiza correctamente los hilos de Apple que trabajan en la implementación user-space stack-cookie, lo que permite a usuarios locales eludir aleatorización cookies mediante la ejecución de un programa con una llamada de la ruta que comienza con el stack-guard=substring, como lo demuestra un ataque desanclaje iOS o un ataque en contra de un programa setuid Mac OS X. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 http://www.syscan.org/index.php/sg/program/day/2 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https:/&# • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 126EXPL: 1CVE-2013-0984 – Apple Mac OSX Server - DirectoryService Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0984
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Servicio de directorio de Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del demonio) a través de un mensaje elaborado. • https://www.exploit-db.com/exploits/25974 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 30%CPEs: 56EXPL: 0CVE-2013-0986 – Apple QuickTime enof Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0986
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos ENOF manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a MOV file. The size field of the enof atom is not properly validated. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5784 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 89EXPL: 0CVE-2013-1014
https://notcve.org/view.php?id=CVE-2013-1014
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. Apple iTunes anterior a 11.0.3 no verifica adecuadamente los certificados X.509, lo que permite a atacantes man-in-the-middle suplantar los servidores HTTPS a través de un certificado arbitrario válido. • http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://support.apple.com/kb/HT5766 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17605 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 76EXPL: 0CVE-2013-2776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2776
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. sudo v1.3.5 hasta v1.7.10p5 y v1.8.0 hasta v1.8.6p6, cuando se ejecuta en sistemas sin /proc o la función sysctl con la opción tty_tickets habilitada, no valida correctamente el control de dispositivo terminal, lo que permite a los usuarios locales con permisos de sudo para secuestrar a la autorización de otra terminal a través de vectores relacionados con una sesión sin un dispositivo terminal de control y la conexión a una entrada estándar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asignó originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1353.html http://rhn.redhat.com/errata/RHSA-2013-1701.html http://www.debian.org/security/2013/dsa-2642 http://www.openwall.com/lists/oss-security/2013/02/27/31 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/58207 http://www.securityfocus.c • CWE-264: Permissions, Privileges, and Access Controls •