Details of VAR-201409-0486

ID

VAR-201409-0486

CVE

CVE-2014-4403

TITLE

Apple OS X Vulnerability in obtaining critical address information in the kernel

Trust: 0.8

sources: JVNDB: JVNDB-2014-004350

DESCRIPTION

The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. Apple Mac OS X is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions

Trust: 1.98

sources: NVD: CVE-2014-4403 // JVNDB: JVNDB-2014-004350 // BID: 69910 // VULHUB: VHN-72343

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9 to 10.9.4	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.9.5	Trust: 0.3

sources: BID: 69910 // JVNDB: JVNDB-2014-004350 // CNNVD: CNNVD-201409-713 // NVD: CVE-2014-4403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4403
value:	LOW
Trust: 1.0
NVD:	CVE-2014-4403
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201409-713
value:	LOW
Trust: 0.6
VULHUB:	VHN-72343
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2014-4403
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72343
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72343 // JVNDB: JVNDB-2014-004350 // CNNVD: CNNVD-201409-713 // NVD: CVE-2014-4403

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-72343 // JVNDB: JVNDB-2014-004350 // NVD: CVE-2014-4403

THREAT TYPE

local

Trust: 0.9

sources: BID: 69910 // CNNVD: CNNVD-201409-713

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201409-713

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004350

PATCH

title:	HT6443	url:	http://support.apple.com/kb/HT6443	Trust: 0.8
title:	HT6443	url:	http://support.apple.com/kb/HT6443?viewlocale=ja_JP	Trust: 0.8
title:	OSXUpd10.9.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51639	Trust: 0.6

sources: JVNDB: JVNDB-2014-004350 // CNNVD: CNNVD-201409-713

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4403	Trust: 2.8
db:	BID	id:	69910	Trust: 1.4
db:	SECTRACK	id:	1030868	Trust: 1.1
db:	JVN	id:	JVNVU93868849	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004350	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-713	Trust: 0.7
db:	VULHUB	id:	VHN-72343	Trust: 0.1

sources: VULHUB: VHN-72343 // BID: 69910 // JVNDB: JVNDB-2014-004350 // CNNVD: CNNVD-201409-713 // NVD: CVE-2014-4403

REFERENCES

url:	http://support.apple.com/kb/ht6443	Trust: 2.0
url:	http://www.securityfocus.com/bid/69910	Trust: 1.1
url:	http://www.securitytracker.com/id/1030868	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96064	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4403	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93868849/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4403	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-72343 // BID: 69910 // JVNDB: JVNDB-2014-004350 // CNNVD: CNNVD-201409-713 // NVD: CVE-2014-4403

CREDITS

Ian Beer of Google Project Zero

Trust: 0.3

sources: BID: 69910

SOURCES

db:	VULHUB	id:	VHN-72343
db:	BID	id:	69910
db:	JVNDB	id:	JVNDB-2014-004350
db:	CNNVD	id:	CNNVD-201409-713
db:	NVD	id:	CVE-2014-4403

LAST UPDATE DATE

2025-04-13T19:36:40.630000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72343	date:	2017-08-29T00:00:00
db:	BID	id:	69910	date:	2014-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-004350	date:	2014-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201409-713	date:	2014-09-22T00:00:00
db:	NVD	id:	CVE-2014-4403	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72343	date:	2014-09-19T00:00:00
db:	BID	id:	69910	date:	2014-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-004350	date:	2014-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201409-713	date:	2014-09-22T00:00:00
db:	NVD	id:	CVE-2014-4403	date:	2014-09-19T10:55:04.013