Details of VAR-201306-0313

ID

VAR-201306-0313

CVE

CVE-2013-3955

TITLE

iPad On the device Apple iOS of XNU kernel Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-002902

DESCRIPTION

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. Apple iOS is prone to a local memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Apple iOS 5.x and 6.x through 6.1.3 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2013-3955 // JVNDB: JVNDB-2013-002902 // BID: 60443 // VULHUB: VHN-63957

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	5.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.3	Trust: 1.6
vendor:	apple	model:	ipad mini	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	ipad2	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	ipad	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	5.x	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	6.0 to 6.1.3	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (iphone 4 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	ipad	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipad 2	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipad mini	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3

sources: BID: 60443 // JVNDB: JVNDB-2013-002902 // CNNVD: CNNVD-201306-095 // NVD: CVE-2013-3955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3955
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3955
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201306-095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63957
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3955
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2013-3955
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-63957
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63957 // JVNDB: JVNDB-2013-002902 // CNNVD: CNNVD-201306-095 // NVD: CVE-2013-3955

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-63957 // JVNDB: JVNDB-2013-002902 // NVD: CVE-2013-3955

THREAT TYPE

local

Trust: 0.9

sources: BID: 60443 // CNNVD: CNNVD-201306-095

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201306-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002902

PATCH

title:	iOS 6	url:	http://www.apple.com/jp/ios/	Trust: 0.8
title:	APPLE-SA-2013-09-18-2	url:	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html	Trust: 0.8
title:	HT5934	url:	http://support.apple.com/kb/HT5934	Trust: 0.8
title:	HT5934	url:	http://support.apple.com/kb/HT5934?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-002902

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3955	Trust: 2.8
db:	SECTRACK	id:	1029054	Trust: 1.1
db:	JVN	id:	JVNVU98681940	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-002902	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-095	Trust: 0.7
db:	BID	id:	60443	Trust: 0.4
db:	VULHUB	id:	VHN-63957	Trust: 0.1

sources: VULHUB: VHN-63957 // BID: 60443 // JVNDB: JVNDB-2013-002902 // CNNVD: CNNVD-201306-095 // NVD: CVE-2013-3955

REFERENCES

url:	http://antid0te.com/syscan_2013/syscan2013_mountain_lion_ios_vulnerabilities_garage_sale_whitepaper.pdf	Trust: 2.5
url:	http://www.syscan.org/index.php/sg/program/day/2	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html	Trust: 1.1
url:	http://support.apple.com/kb/ht5934	Trust: 1.1
url:	http://www.securitytracker.com/id/1029054	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3955	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu98681940/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3955	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3

sources: VULHUB: VHN-63957 // BID: 60443 // JVNDB: JVNDB-2013-002902 // CNNVD: CNNVD-201306-095 // NVD: CVE-2013-3955

CREDITS

This issue was disclosed by Stefan Esser during the SyScan 2013 security conference.

Trust: 0.3

sources: BID: 60443

SOURCES

db:	VULHUB	id:	VHN-63957
db:	BID	id:	60443
db:	JVNDB	id:	JVNDB-2013-002902
db:	CNNVD	id:	CNNVD-201306-095
db:	NVD	id:	CVE-2013-3955

LAST UPDATE DATE

2025-04-11T20:31:38.400000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63957	date:	2013-10-11T00:00:00
db:	BID	id:	60443	date:	2013-09-21T00:11:00
db:	JVNDB	id:	JVNDB-2013-002902	date:	2013-10-15T00:00:00
db:	CNNVD	id:	CNNVD-201306-095	date:	2013-09-27T00:00:00
db:	NVD	id:	CVE-2013-3955	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63957	date:	2013-06-05T00:00:00
db:	BID	id:	60443	date:	2013-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2013-002902	date:	2013-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201306-095	date:	2013-06-06T00:00:00
db:	NVD	id:	CVE-2013-3955	date:	2013-06-05T14:39:57.877