Details of VAR-201309-0422

ID

VAR-201309-0422

CVE

CVE-2013-5142

TITLE

Apple iOS Vulnerability in Kernels to Obtain Important Information from Kernel Stack Memory

Trust: 0.8

sources: JVNDB: JVNDB-2013-004237

DESCRIPTION

The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. Apple iOS for iPhone, iPod touch, and iPad is prone to multiple information-disclosure vulnerabilities. Local attackers can leverage these issues to gain access to sensitive information. Information obtained may aid in further attacks. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. There is a buffer overflow vulnerability in the kernel of Apple iOS 6.1.4 and earlier versions. The vulnerability is caused by the program not initializing the kernel data structure

Trust: 1.98

sources: NVD: CVE-2013-5142 // JVNDB: JVNDB-2013-004237 // BID: 62522 // VULHUB: VHN-65144

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	6.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.9	Trust: 0.8
vendor:	apple	model:	tv	scope:	lt	version:	6.0 (apple tv first 2 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (iphone 4 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 62522 // JVNDB: JVNDB-2013-004237 // CNNVD: CNNVD-201309-332 // NVD: CVE-2013-5142

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5142
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5142
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-332
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65144
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5142
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65144
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65144 // JVNDB: JVNDB-2013-004237 // CNNVD: CNNVD-201309-332 // NVD: CVE-2013-5142

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-65144 // JVNDB: JVNDB-2013-004237 // NVD: CVE-2013-5142

THREAT TYPE

local

Trust: 0.9

sources: BID: 62522 // CNNVD: CNNVD-201309-332

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201309-332

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004237

PATCH

title:	APPLE-SA-2013-10-22-3	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Trust: 0.8
title:	APPLE-SA-2013-09-20-1	url:	http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html	Trust: 0.8
title:	APPLE-SA-2013-09-18-2	url:	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011	Trust: 0.8
title:	HT5934	url:	http://support.apple.com/kb/HT5934	Trust: 0.8
title:	HT5935	url:	http://support.apple.com/kb/HT5935	Trust: 0.8
title:	HT5934	url:	http://support.apple.com/kb/HT5934?viewlocale=ja_JP	Trust: 0.8
title:	HT5935	url:	http://support.apple.com/kb/HT5935?viewlocale=ja_JP	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004237

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5142	Trust: 2.8
db:	SECTRACK	id:	1029054	Trust: 1.1
db:	JVN	id:	JVNVU98681940	Trust: 0.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004237	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-332	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-09-18-2	Trust: 0.6
db:	BID	id:	62522	Trust: 0.4
db:	VULHUB	id:	VHN-65144	Trust: 0.1

sources: VULHUB: VHN-65144 // BID: 62522 // JVNDB: JVNDB-2013-004237 // CNNVD: CNNVD-201309-332 // NVD: CVE-2013-5142

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5934	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1029054	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5142	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu98681940/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5142	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-65144 // BID: 62522 // JVNDB: JVNDB-2013-004237 // CNNVD: CNNVD-201309-332 // NVD: CVE-2013-5142

CREDITS

Kenzley Alphonse of Kenx Technology, Inc

Trust: 0.3

sources: BID: 62522

SOURCES

db:	VULHUB	id:	VHN-65144
db:	BID	id:	62522
db:	JVNDB	id:	JVNDB-2013-004237
db:	CNNVD	id:	CNNVD-201309-332
db:	NVD	id:	CVE-2013-5142

LAST UPDATE DATE

2025-04-11T19:49:30.177000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65144	date:	2013-10-31T00:00:00
db:	BID	id:	62522	date:	2013-10-24T00:50:00
db:	JVNDB	id:	JVNDB-2013-004237	date:	2013-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201309-332	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-5142	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65144	date:	2013-09-19T00:00:00
db:	BID	id:	62522	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004237	date:	2013-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201309-332	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-5142	date:	2013-09-19T10:28:00.850