ID

VAR-201402-0403


CVE

CVE-2014-1264


TITLE

Finder in Apple Mac OS X vulnerable to access restriction bypass

Trust: 0.8

sources: JVNDB: JVNDB-2014-001490

DESCRIPTION

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. Apple Mac OS X is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X versions prior to 10.9.2.

Trust: 1.98

sources: NVD: CVE-2014-1264 // JVNDB: JVNDB-2014-001490 // BID: 65777 // VULHUB: VHN-69203

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.9

Trust: 1.6

vendor: apple, model: mac os x, scope: lte, version: 10.9.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: v10.9

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.9.1

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.9.1

Trust: 0.6

vendor: slackware, model: linux, scope: eq, version: 13.37

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.1

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.0

Trust: 0.3

sources: BID: 65777 // JVNDB: JVNDB-2014-001490 // CNNVD: CNNVD-201402-455 // NVD: CVE-2014-1264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1264
value: LOW

Trust: 1.0

NVD: CVE-2014-1264
value: LOW

Trust: 0.8

CNNVD: CNNVD-201402-455
value: LOW

Trust: 0.6

VULHUB: VHN-69203
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-1264
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69203
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69203 // JVNDB: JVNDB-2014-001490 // CNNVD: CNNVD-201402-455 // NVD: CVE-2014-1264

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-69203 // JVNDB: JVNDB-2014-001490 // NVD: CVE-2014-1264

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201402-455

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201402-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001490

PATCH

title: APPLE-SA-2014-02-25-1, url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title: HT6150, url: http://support.apple.com/kb/HT6150

Trust: 0.8

title: HT6150, url: http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2014-001490

EXTERNAL IDS

db: NVD, id: CVE-2014-1264

Trust: 2.8

db: JVN, id: JVNVU95868425

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001490

Trust: 0.8

db: CNNVD, id: CNNVD-201402-455

Trust: 0.7

db: BID, id: 65777

Trust: 0.3

db: VULHUB, id: VHN-69203

Trust: 0.1

sources: VULHUB: VHN-69203 // BID: 65777 // JVNDB: JVNDB-2014-001490 // CNNVD: CNNVD-201402-455 // NVD: CVE-2014-1264

REFERENCES

url:http://support.apple.com/kb/ht6150

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1264

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1264

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-69203 // BID: 65777 // JVNDB: JVNDB-2014-001490 // CNNVD: CNNVD-201402-455 // NVD: CVE-2014-1264

CREDITS

Roland Moriz of Moriz GmbH, Felix Groebert of the Google Security Team, Meder Kydyraliev of the Google Security Team, Rob Ansaldo of Amherst College, Graham Bennett Karl Smith of NCC Group, Apple, Lucas Apa and Carlos Mario Penagos of IOActive Labs, Tom Ga

Trust: 0.3

sources: BID: 65777

SOURCES

db: VULHUB, id: VHN-69203
db: BID, id: 65777
db: JVNDB, id: JVNDB-2014-001490
db: CNNVD, id: CNNVD-201402-455
db: NVD, id: CVE-2014-1264

LAST UPDATE DATE

2025-04-13T21:42:55.446000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-69203, date: 2014-03-10T00:00:00
db: BID, id: 65777, date: 2014-04-17T00:49:00
db: JVNDB, id: JVNDB-2014-001490, date: 2014-03-14T00:00:00
db: CNNVD, id: CNNVD-201402-455, date: 2014-06-17T00:00:00
db: NVD, id: CVE-2014-1264, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-69203, date: 2014-02-27T00:00:00
db: BID, id: 65777, date: 2014-02-25T00:00:00
db: JVNDB, id: JVNDB-2014-001490, date: 2014-02-28T00:00:00
db: CNNVD, id: CNNVD-201402-455, date: 2014-02-28T00:00:00
db: NVD, id: CVE-2014-1264, date: 2014-02-27T01:55:04.100