Sign-up

ID

VAR-201306-0307


CVE

CVE-2013-3949


TITLE

Apple Mac OS X of XNU Kernel posix_spawn Vulnerability that circumvents access restrictions in system calls

Trust: 0.8

sources: JVNDB: JVNDB-2013-002896

DESCRIPTION

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. Local attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions

Trust: 1.98

sources: NVD: CVE-2013-3949 // JVNDB: JVNDB-2013-002896 // BID: 60436 // VULHUB: VHN-63951

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.8.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.x

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

sources: BID: 60436 // JVNDB: JVNDB-2013-002896 // CNNVD: CNNVD-201306-089 // NVD: CVE-2013-3949

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3949
value: LOW

Trust: 1.0

NVD: CVE-2013-3949
value: LOW

Trust: 0.8

CNNVD: CNNVD-201306-089
value: LOW

Trust: 0.6

VULHUB: VHN-63951
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-3949
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63951
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63951 // JVNDB: JVNDB-2013-002896 // CNNVD: CNNVD-201306-089 // NVD: CVE-2013-3949

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63951 // JVNDB: JVNDB-2013-002896 // NVD: CVE-2013-3949

THREAT TYPE

local

Trust: 0.9

sources: BID: 60436 // CNNVD: CNNVD-201306-089

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201306-089

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002896

PATCH
title:OS X Mountain Lionurl:http://www.apple.com/jp/osx/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002896

EXTERNAL IDS
db:NVDid:CVE-2013-3949
Trust: 2.8
db:JVNDBid:JVNDB-2013-002896
Trust: 0.8
db:CNNVDid:CNNVD-201306-089
Trust: 0.7
db:BIDid:60436
Trust: 0.4
db:VULHUBid:VHN-63951
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63951 // 
            
            
            
            BID: 60436 // 
            
            
            
            JVNDB: JVNDB-2013-002896 // 
            
            
            
            CNNVD: CNNVD-201306-089 // 
            
            
            
            NVD: CVE-2013-3949

REFERENCES
url:http://antid0te.com/syscan_2013/syscan2013_mountain_lion_ios_vulnerabilities_garage_sale_whitepaper.pdf
Trust: 2.8
url:http://www.syscan.org/index.php/sg/program/day/2
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3949
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3949
Trust: 0.8
url:http://software.cisco.com/download/navigator.html?mdfid=283613663
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63951 // 
            
            
            
            BID: 60436 // 
            
            
            
            JVNDB: JVNDB-2013-002896 // 
            
            
            
            CNNVD: CNNVD-201306-089 // 
            
            
            
            NVD: CVE-2013-3949

CREDITS
Stefan Esser
Trust: 0.3
sources:
            
            
            BID: 60436

SOURCES
db:VULHUBid:VHN-63951
db:BIDid:60436
db:JVNDBid:JVNDB-2013-002896
db:CNNVDid:CNNVD-201306-089
db:NVDid:CVE-2013-3949

LAST UPDATE DATE
2025-04-11T22:55:57.778000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63951date:2013-06-05T00:00:00
db:BIDid:60436date:2013-04-26T00:00:00
db:JVNDBid:JVNDB-2013-002896date:2013-06-07T00:00:00
db:CNNVDid:CNNVD-201306-089date:2013-06-06T00:00:00
db:NVDid:CVE-2013-3949date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63951date:2013-06-05T00:00:00
db:BIDid:60436date:2013-04-26T00:00:00
db:JVNDBid:JVNDB-2013-002896date:2013-06-07T00:00:00
db:CNNVDid:CNNVD-201306-089date:2013-06-06T00:00:00
db:NVDid:CVE-2013-3949date:2013-06-05T14:39:55.860