Sign-up

ID

VAR-201404-0207


CVE

CVE-2014-1314


TITLE

Apple OS X of WindowServer Vulnerabilities that bypass the sandbox protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2014-002205

DESCRIPTION

WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within WindowServer. The issue lies in the failure to prevent sandboxed applications from creating new sessions. An attacker can leverage this to execute code outside the context of the sandbox. Failed exploit attempts may result in a denial-of-service condition. Apple Mac OS X 10.8.5 and 10.9.2 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-1 Security Update 2014-002 Security Update 2014-002 is now available and addresses the following: CFNetwork HTTPProtocol Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris CoreServicesUIAgent Available for: OS X Mavericks v10.9.2 Impact: Visiting a maliciously crafted website or URL may result in an unexpected application termination or arbitrary code execution Description: A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra FontParser Available for: OS X Mountain Lion v10.8.5 Impact: Opening a maliciously crafted PDF file may result in an unexpected application termination or arbitrary code execution Description: A buffer underflow existed in the handling of fonts in PDF files. This issue was addressed through additional bounds checking. This issue does not affect OS X Mavericks systems. CVE-ID CVE-2013-5170 : Will Dormann of CERT/CC Heimdal Kerberos Available for: OS X Mavericks v10.9.2 Impact: A remote attacker may be able to cause a denial of service Description: A reachable abort existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data. CVE-ID CVE-2014-1316 : Joonas Kuorilehto of Codenomicon ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved bounds checking. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of NCC Group Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: A malicious application can take control of the system Description: A validation issue existed in the handling of a pointer from userspace. This issue was addressed through additional validation of pointers. CVE-ID CVE-2014-1318 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative IOKit Kernel Available for: OS X Mavericks v10.9.2 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Kernel Available for: OS X Mavericks v10.9.2 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in a XNU object could be retrieved from userland. This issue was addressed through removing the pointer from the object. CVE-ID CVE-2014-1322 : Ian Beer of Google Project Zero Power Management Available for: OS X Mavericks v10.9.2 Impact: The screen might not lock Description: If a key was pressed or the trackpad touched just after the lid was closed, the system might have tried to wake up while going to sleep, which would have caused the screen to be unlocked. This issue was addressed by ignoring keypresses while going to sleep. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN, Julian Sincu at the Baden-Wuerttemberg Cooperative State University (DHBW Stuttgart), Gerben Wierda of R&A, Daniel Luz Ruby Available for: OS X Mavericks v10.9.2 Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2013-6393 Ruby Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an unexpected application termination or arbitrary code execution Description: A heap-based buffer overflow issue existed in Ruby when converting a string to a floating point value. This issue was addressed through additional validation of floating point values. CVE-ID CVE-2013-4164 Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1314 : KeenTeam working with HP's Zero Day Initiative Note: Security Update 2014-002 for OS X Mavericks systems includes the security content of Safari 7.0.3: http://support.apple.com/kb/HT6181 Security Update 2014-002 may be obtained via the Apple Software Update application, and from the Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI 8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a zqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s 4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6 KBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3 85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm +uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5 2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF ZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4 lRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ gYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0 7hmpILk22+6xv6pWCw8D =WWPv -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2014-1314 // JVNDB: JVNDB-2014-002205 // ZDI: ZDI-14-390 // BID: 67026 // VULHUB: VHN-69253 // PACKETSTORM: 126269

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.8.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.9.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.9

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.3

Trust: 1.6

vendor:applemodel:mac os xscope:lteversion:10.9.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.8.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.9.2

Trust: 0.8

vendor:applemodel:os xscope: - version: -

Trust: 0.7

vendor:applemodel:mac os xscope:eqversion:10.9.2

Trust: 0.6

sources: ZDI: ZDI-14-390 // JVNDB: JVNDB-2014-002205 // CNNVD: CNNVD-201404-466 // NVD: CVE-2014-1314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1314
value: HIGH

Trust: 1.0

NVD: CVE-2014-1314
value: HIGH

Trust: 0.8

ZDI: CVE-2014-1314
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201404-466
value: CRITICAL

Trust: 0.6

VULHUB: VHN-69253
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-1314
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2014-1314
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-69253
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-14-390 // VULHUB: VHN-69253 // JVNDB: JVNDB-2014-002205 // CNNVD: CNNVD-201404-466 // NVD: CVE-2014-1314

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-69253 // JVNDB: JVNDB-2014-002205 // NVD: CVE-2014-1314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-466

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201404-466

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002205

PATCH
title:HT6207url:http://support.apple.com/kb/HT6207
Trust: 0.8
title:HT6207url:http://support.apple.com/kb/HT6207?viewlocale=ja_JP
Trust: 0.8
title:Apple has issued an update to correct this vulnerability.url:http://support.apple.com/en-us/HT202966
Trust: 0.7
sources:
            
            
            ZDI: ZDI-14-390 // 
            
            
            
            JVNDB: JVNDB-2014-002205

EXTERNAL IDS
db:NVDid:CVE-2014-1314
Trust: 3.6
db:JVNid:JVNVU95860341
Trust: 0.8
db:JVNDBid:JVNDB-2014-002205
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2222
Trust: 0.7
db:ZDIid:ZDI-14-390
Trust: 0.7
db:CNNVDid:CNNVD-201404-466
Trust: 0.7
db:APPLEid:APPLE-SA-2014-04-22-1
Trust: 0.6
db:SECUNIAid:58081
Trust: 0.6
db:BIDid:67026
Trust: 0.4
db:VULHUBid:VHN-69253
Trust: 0.1
db:PACKETSTORMid:126269
Trust: 0.1
sources:
            
            
            ZDI: ZDI-14-390 // 
            
            
            
            VULHUB: VHN-69253 // 
            
            
            
            BID: 67026 // 
            
            
            
            JVNDB: JVNDB-2014-002205 // 
            
            
            
            PACKETSTORM: 126269 // 
            
            
            
            CNNVD: CNNVD-201404-466 // 
            
            
            
            NVD: CVE-2014-1314

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1314
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95860341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1314
Trust: 0.8
url:http://support.apple.com/en-us/ht202966
Trust: 0.7
url:http://secunia.com/advisories/58081
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2013-5170
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1315
Trust: 0.1
url:http://www.apple.com/support/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-6393
Trust: 0.1
url:http://support.apple.com/kb/ht6181
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1295
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1314
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1316
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1319
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1320
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1322
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1296
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1318
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1321
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-4164
Trust: 0.1
sources:
            
            
            ZDI: ZDI-14-390 // 
            
            
            
            VULHUB: VHN-69253 // 
            
            
            
            BID: 67026 // 
            
            
            
            JVNDB: JVNDB-2014-002205 // 
            
            
            
            PACKETSTORM: 126269 // 
            
            
            
            CNNVD: CNNVD-201404-466 // 
            
            
            
            NVD: CVE-2014-1314

CREDITS
Liang Chen of KeenTeam
Trust: 0.7
sources:
            
            
            ZDI: ZDI-14-390

SOURCES
db:ZDIid:ZDI-14-390
db:VULHUBid:VHN-69253
db:BIDid:67026
db:JVNDBid:JVNDB-2014-002205
db:PACKETSTORMid:126269
db:CNNVDid:CNNVD-201404-466
db:NVDid:CVE-2014-1314

LAST UPDATE DATE
2025-04-13T22:04:11.146000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-14-390date:2014-12-02T00:00:00
db:VULHUBid:VHN-69253date:2014-04-24T00:00:00
db:BIDid:67026date:2014-12-03T05:57:00
db:JVNDBid:JVNDB-2014-002205date:2014-04-24T00:00:00
db:CNNVDid:CNNVD-201404-466date:2014-04-24T00:00:00
db:NVDid:CVE-2014-1314date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-14-390date:2014-12-02T00:00:00
db:VULHUBid:VHN-69253date:2014-04-23T00:00:00
db:BIDid:67026date:2014-04-22T00:00:00
db:JVNDBid:JVNDB-2014-002205date:2014-04-24T00:00:00
db:PACKETSTORMid:126269date:2014-04-23T00:00:30
db:CNNVDid:CNNVD-201404-466date:2014-04-24T00:00:00
db:NVDid:CVE-2014-1314date:2014-04-23T11:52:59.417