Details of VAR-201310-0492

ID

VAR-201310-0492

CVE

CVE-2013-5180

TITLE

Apple Mac OS X of Libc of srandomdev Vulnerability that breaks cryptographic protection mechanisms in functions

Trust: 0.8

sources: JVNDB: JVNDB-2013-004847

DESCRIPTION

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. An attacker can exploit this weakness to predict random number values and bypass certain security restrictions. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9. When the srandomdev function cannot access the kernel random number generator, the function will fall back to an alternative method that has been removed during optimization, resulting in a lack of randomness. Attackers can exploit this vulnerability to invalidate the encryption protection mechanism

Trust: 1.98

sources: NVD: CVE-2013-5180 // JVNDB: JVNDB-2013-004847 // BID: 63347 // VULHUB: VHN-65182

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	lte	version:	10.8.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.9	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.9	Trust: 0.3

sources: BID: 63347 // JVNDB: JVNDB-2013-004847 // CNNVD: CNNVD-201310-591 // NVD: CVE-2013-5180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5180
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5180
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-591
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65182
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5180
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65182
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65182 // JVNDB: JVNDB-2013-004847 // CNNVD: CNNVD-201310-591 // NVD: CVE-2013-5180

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-65182 // JVNDB: JVNDB-2013-004847 // NVD: CVE-2013-5180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-591

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201310-591

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004847

PATCH

title:	APPLE-SA-2013-10-22-3	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004847

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5180	Trust: 2.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004847	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-591	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-10-22-3	Trust: 0.6
db:	BID	id:	63347	Trust: 0.4
db:	VULHUB	id:	VHN-65182	Trust: 0.1

sources: VULHUB: VHN-65182 // BID: 63347 // JVNDB: JVNDB-2013-004847 // CNNVD: CNNVD-201310-591 // NVD: CVE-2013-5180

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5180	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5180	Trust: 0.8
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3

sources: VULHUB: VHN-65182 // BID: 63347 // JVNDB: JVNDB-2013-004847 // CNNVD: CNNVD-201310-591 // NVD: CVE-2013-5180

CREDITS

Xi Wang

Trust: 0.3

sources: BID: 63347

SOURCES

db:	VULHUB	id:	VHN-65182
db:	BID	id:	63347
db:	JVNDB	id:	JVNDB-2013-004847
db:	CNNVD	id:	CNNVD-201310-591
db:	NVD	id:	CVE-2013-5180

LAST UPDATE DATE

2025-04-11T20:14:48.688000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65182	date:	2013-10-24T00:00:00
db:	BID	id:	63347	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004847	date:	2013-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201310-591	date:	2013-11-08T00:00:00
db:	NVD	id:	CVE-2013-5180	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65182	date:	2013-10-24T00:00:00
db:	BID	id:	63347	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004847	date:	2013-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201310-591	date:	2013-10-24T00:00:00
db:	NVD	id:	CVE-2013-5180	date:	2013-10-24T03:48:52.223