Sign-up

ID

VAR-201306-0312


CVE

CVE-2013-3954


TITLE

Apple Mac OS X of XNU kernel Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002901

DESCRIPTION

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. Attackers can exploit this issue to cause the kernel to panic, denying service to legitimate users. The attacker may also exploit this issue to gain access to information in the kernel heap memory through a specially crafted buffer. Apple Mac OS X is a dedicated operating system developed by Apple for Mac computers. The vulnerability is caused by the program not properly validating data for file operations and port operations

Trust: 1.98

sources: NVD: CVE-2013-3954 // JVNDB: JVNDB-2013-002901 // BID: 60444 // VULHUB: VHN-63956

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.8.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.8.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.8.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.8.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.8.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.9

Trust: 0.8

vendor:applemodel:tvscope:ltversion:6.0 (apple tv first 2 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

sources: BID: 60444 // JVNDB: JVNDB-2013-002901 // CNNVD: CNNVD-201306-094 // NVD: CVE-2013-3954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3954
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3954
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201306-094
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63956
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3954
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2013-3954
severity: MEDIUM
baseScore: 5.4
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-63956
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63956 // JVNDB: JVNDB-2013-002901 // CNNVD: CNNVD-201306-094 // NVD: CVE-2013-3954

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-63956 // JVNDB: JVNDB-2013-002901 // NVD: CVE-2013-3954

THREAT TYPE

local

Trust: 0.9

sources: BID: 60444 // CNNVD: CNNVD-201306-094

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201306-094

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002901

PATCH
title:OS Xurl:http://www.apple.com/jp/osx/
Trust: 0.8
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:APPLE-SA-2013-10-22-3url:http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Trust: 0.8
title:APPLE-SA-2013-09-20-1url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html
Trust: 0.8
title:HT6011url:http://support.apple.com/kb/HT6011
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT5935url:http://support.apple.com/kb/HT5935
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
title:HT5935url:http://support.apple.com/kb/HT5935?viewlocale=ja_JP
Trust: 0.8
title:HT6011url:http://support.apple.com/kb/HT6011?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002901

EXTERNAL IDS
db:NVDid:CVE-2013-3954
Trust: 2.8
db:SECTRACKid:1029054
Trust: 1.1
db:SECUNIAid:54886
Trust: 1.1
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNid:JVNVU95174988
Trust: 0.8
db:JVNDBid:JVNDB-2013-002901
Trust: 0.8
db:CNNVDid:CNNVD-201306-094
Trust: 0.7
db:BIDid:60444
Trust: 0.4
db:VULHUBid:VHN-63956
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63956 // 
            
            
            
            BID: 60444 // 
            
            
            
            JVNDB: JVNDB-2013-002901 // 
            
            
            
            CNNVD: CNNVD-201306-094 // 
            
            
            
            NVD: CVE-2013-3954

REFERENCES
url:http://antid0te.com/syscan_2013/syscan2013_mountain_lion_ios_vulnerabilities_garage_sale_whitepaper.pdf
Trust: 2.8
url:http://www.syscan.org/index.php/sg/program/day/2
Trust: 2.5
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.4
url:http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html
Trust: 1.1
url:http://support.apple.com/kb/ht5934
Trust: 1.1
url:http://www.securitytracker.com/id/1029054
Trust: 1.1
url:http://secunia.com/advisories/54886
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3954
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95174988/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3954
Trust: 0.8
url:http://support.apple.com/kb/ht5935
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63956 // 
            
            
            
            BID: 60444 // 
            
            
            
            JVNDB: JVNDB-2013-002901 // 
            
            
            
            CNNVD: CNNVD-201306-094 // 
            
            
            
            NVD: CVE-2013-3954

CREDITS
Stefan Esser
Trust: 0.3
sources:
            
            
            BID: 60444

SOURCES
db:VULHUBid:VHN-63956
db:BIDid:60444
db:JVNDBid:JVNDB-2013-002901
db:CNNVDid:CNNVD-201306-094
db:NVDid:CVE-2013-3954

LAST UPDATE DATE
2025-04-11T20:58:21.493000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63956date:2013-10-31T00:00:00
db:BIDid:60444date:2015-03-19T08:29:00
db:JVNDBid:JVNDB-2013-002901date:2013-11-08T00:00:00
db:CNNVDid:CNNVD-201306-094date:2013-06-06T00:00:00
db:NVDid:CVE-2013-3954date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63956date:2013-06-05T00:00:00
db:BIDid:60444date:2013-04-26T00:00:00
db:JVNDBid:JVNDB-2013-002901date:2013-06-07T00:00:00
db:CNNVDid:CNNVD-201306-094date:2013-06-06T00:00:00
db:NVDid:CVE-2013-3954date:2013-06-05T14:39:57.853