Sign-up

ID

VAR-201402-0392


CVE

CVE-2014-1253


TITLE

Apple Boot Camp of AppleMNT.sys Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001408

DESCRIPTION

AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. Apple Boot Camp is prone to a memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Due to the nature of the issue, code execution may be possible, however, it has not been confirmed. This issue is fixed in Boot Camp 5.1. Apple Boot Camp is a set of system plug-ins from Apple (Apple) that supports Mac to run Windows operating system. The plug-in is built into the Mac OS X system. A security vulnerability exists in the AppleMNT.sys file in Apple Boot Camp version 5.0. The issue was addressed through improved bounds checking. CVE-ID CVE-2014-1253 : MJ0011 of 360 Security Center Boot Camp 5.1 may be obtained via Apple Software Update or from: http://support.apple.com/downloads/ Depending on your Mac model, the downloading file name is one of the following two: The download file name: BootCamp5.1.5621.zip Its SHA-1 digest: 72c71be259474836c17ddd400aca2218660b8aac The download file name: BootCamp5.1.5640.zip Its SHA-1 digest: 2998a7881509a87b22abc6764379c0a33b6ced3a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJS+rIpAAoJEPefwLHPlZEwM0gQAJ5Ffh3VoQKk/psQJN6ABJar SbijQfk9eILkiO/XDMwrLKmj0183VS1N+xGzLaZqC0wDjwwwUHOJHUGK02+rRPCf pI2NkZeaRJtGeSfC1LjDHbBhToJLY3JbGU8+NiZrWiFwcJMhyHvgcjWQwOvN2X9R jNiHvo5kTBXboaCwBU9NRvWXDmWbCeWPCsAr0WYOsyCMT4fms/2NtygjiregAGBO BL1kDf2BiF+1lcfGD/cQgOyYPrvOhBtIp6//5UhksFY2h90lHu7Dm6FTUKlUyTzh qKVSro4FL87OA2opuPwAOsbX/96XZEgHlHs2mOy2dGkDCZ2LF6KjWARanSIixBFV 2ARsj6ck+O9S+8KBVGEFBPPKN0fNZ7Irhivv/rR+w1AZLMsbLvdGdm4CarrMEogX daPXwiWnMNsWadMVMIeHpjdYprVw/vfIDCqBXwZfLnDeHxtHgMxyNx0uuXrBPDWu HjrB8Uo0/MSp55QyOSY4DLhQWVTC9mNc5CKcMmnmOQtH4niGyXc+D7k2pa7dKHPY NLggsaiNOKiTjUpcgGEOz191Q7vVDGpGCuV81C9k+AYMWToXnffGXYO62zk0NeIH 7sZ9feNCTZHLlFDF0v9KnnyXFLMTcgT0WXtw1RAcBY7UebcaBSS1ljyw45qGo+bA 3J/op5VbemkYblZScFvu =Dlmy -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2014-1253 // JVNDB: JVNDB-2014-001408 // BID: 65522 // VULHUB: VHN-69192 // PACKETSTORM: 125211

AFFECTED PRODUCTS

vendor:applemodel:boot campscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:boot campscope:ltversion:5.1 5

Trust: 0.8

sources: JVNDB: JVNDB-2014-001408 // CNNVD: CNNVD-201402-192 // NVD: CVE-2014-1253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1253
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1253
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-192
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69192
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1253
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69192
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69192 // JVNDB: JVNDB-2014-001408 // CNNVD: CNNVD-201402-192 // NVD: CVE-2014-1253

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-20

Trust: 0.8

sources: VULHUB: VHN-69192 // JVNDB: JVNDB-2014-001408 // NVD: CVE-2014-1253

THREAT TYPE

local

Trust: 0.9

sources: BID: 65522 // CNNVD: CNNVD-201402-192

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201402-192

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001408

PATCH
title:HT6126url:http://support.apple.com/kb/HT6126
Trust: 0.8
title:HT6126url:http://support.apple.com/kb/HT6126?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001408

EXTERNAL IDS
db:NVDid:CVE-2014-1253
Trust: 2.9
db:OSVDBid:103267
Trust: 1.1
db:JVNDBid:JVNDB-2014-001408
Trust: 0.8
db:CNNVDid:CNNVD-201402-192
Trust: 0.7
db:APPLEid:APPLE-SA-2014-02-11-1
Trust: 0.6
db:SECUNIAid:56928
Trust: 0.6
db:BIDid:65522
Trust: 0.4
db:PACKETSTORMid:125211
Trust: 0.2
db:VULHUBid:VHN-69192
Trust: 0.1
sources:
            
            
            VULHUB: VHN-69192 // 
            
            
            
            BID: 65522 // 
            
            
            
            JVNDB: JVNDB-2014-001408 // 
            
            
            
            PACKETSTORM: 125211 // 
            
            
            
            CNNVD: CNNVD-201402-192 // 
            
            
            
            NVD: CVE-2014-1253

REFERENCES
url:http://seclists.org/bugtraq/2014/feb/47
Trust: 1.7
url:http://support.apple.com/kb/ht6126
Trust: 1.7
url:http://osvdb.org/103267
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1253
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1253
Trust: 0.8
url:http://secunia.com/advisories/56928
Trust: 0.6
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1253
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:http://support.apple.com/downloads/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-69192 // 
            
            
            
            JVNDB: JVNDB-2014-001408 // 
            
            
            
            PACKETSTORM: 125211 // 
            
            
            
            CNNVD: CNNVD-201402-192 // 
            
            
            
            NVD: CVE-2014-1253

CREDITS
MJ0011 of 360 Security Center
Trust: 0.3
sources:
            
            
            BID: 65522

SOURCES
db:VULHUBid:VHN-69192
db:BIDid:65522
db:JVNDBid:JVNDB-2014-001408
db:PACKETSTORMid:125211
db:CNNVDid:CNNVD-201402-192
db:NVDid:CVE-2014-1253

LAST UPDATE DATE
2025-04-11T23:15:23.173000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-69192date:2015-11-02T00:00:00
db:BIDid:65522date:2014-02-17T10:38:00
db:JVNDBid:JVNDB-2014-001408date:2014-02-17T00:00:00
db:CNNVDid:CNNVD-201402-192date:2014-02-24T00:00:00
db:NVDid:CVE-2014-1253date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-69192date:2014-02-14T00:00:00
db:BIDid:65522date:2014-02-12T00:00:00
db:JVNDBid:JVNDB-2014-001408date:2014-02-17T00:00:00
db:PACKETSTORMid:125211date:2014-02-14T01:41:25
db:CNNVDid:CNNVD-201402-192date:2014-02-18T00:00:00
db:NVDid:CVE-2014-1253date:2014-02-14T13:10:48.780