CVE-2013-3951
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
sys/OpenBSD/stack_protector.c en libc en Apple iOS v6.1.3 y Mac OS X v10.8.x no analiza correctamente los hilos de Apple que trabajan en la implementación user-space stack-cookie, lo que permite a usuarios locales eludir aleatorización cookies mediante la ejecución de un programa con una llamada de la ruta que comienza con el stack-guard=substring, como lo demuestra un ataque desanclaje iOS o un ataque en contra de un programa setuid Mac OS X.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-05 CVE Reserved
- 2013-06-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033703 | Vdb Entry | |
| http://www.syscan.org/index.php/sg/program/day/2 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html | 2016-12-08 | |
| http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html | 2016-12-08 | |
| http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html | 2016-12-08 | |
| https://support.apple.com/HT205212 | 2016-12-08 | |
| https://support.apple.com/HT205213 | 2016-12-08 | |
| https://support.apple.com/HT205267 | 2016-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | <= 8.2 Search vendor "Apple" for product "Iphone Os" and version " <= 8.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.10.4 Search vendor "Apple" for product "Mac Os X" and version " <= 10.10.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | <= 1.0.1 Search vendor "Apple" for product "Watchos" and version " <= 1.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 6.1.3 Search vendor "Apple" for product "Iphone Os" and version "6.1.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.8.0 Search vendor "Apple" for product "Mac Os X" and version "10.8.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.8.1 Search vendor "Apple" for product "Mac Os X" and version "10.8.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.8.2 Search vendor "Apple" for product "Mac Os X" and version "10.8.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.8.3 Search vendor "Apple" for product "Mac Os X" and version "10.8.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.8.4 Search vendor "Apple" for product "Mac Os X" and version "10.8.4" | - |
Affected
| ||||||