Sign-up

ID

VAR-201410-1073


CVE

CVE-2014-4438


TITLE

Apple OS X of LoginWindow Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2014-004878

DESCRIPTION

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted. Apple Mac OS X is prone to a race-condition security vulnerability. A local attacker can leverage this issue to gain unauthorized access to the affected system

Trust: 1.98

sources: NVD: CVE-2014-4438 // JVNDB: JVNDB-2014-004878 // BID: 70622 // VULHUB: VHN-72378

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.9.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.03

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

sources: BID: 70622 // JVNDB: JVNDB-2014-004878 // CNNVD: CNNVD-201410-616 // NVD: CVE-2014-4438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4438
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4438
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-616
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72378
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4438
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-72378
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-72378 // JVNDB: JVNDB-2014-004878 // CNNVD: CNNVD-201410-616 // NVD: CVE-2014-4438

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-72378 // JVNDB: JVNDB-2014-004878 // NVD: CVE-2014-4438

THREAT TYPE

local

Trust: 0.9

sources: BID: 70622 // CNNVD: CNNVD-201410-616

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201410-616

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004878

PATCH
title:HT6535url:https://support.apple.com/kb/HT6535
Trust: 0.8
title:HT6535url:http://support.apple.com/kb/HT6535?viewlocale=ja_JP
Trust: 0.8
title:OS X Yosemite 10.10 MAS 14A389( Official version of the full firmware )url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52113
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-004878 // 
            
            
            
            CNNVD: CNNVD-201410-616

EXTERNAL IDS
db:NVDid:CVE-2014-4438
Trust: 2.8
db:BIDid:70622
Trust: 1.4
db:SECTRACKid:1031063
Trust: 1.1
db:JVNid:JVNVU97537282
Trust: 0.8
db:JVNDBid:JVNDB-2014-004878
Trust: 0.8
db:CNNVDid:CNNVD-201410-616
Trust: 0.7
db:VULHUBid:VHN-72378
Trust: 0.1
sources:
            
            
            VULHUB: VHN-72378 // 
            
            
            
            BID: 70622 // 
            
            
            
            JVNDB: JVNDB-2014-004878 // 
            
            
            
            CNNVD: CNNVD-201410-616 // 
            
            
            
            NVD: CVE-2014-4438

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Trust: 2.5
url:https://support.apple.com/kb/ht6535
Trust: 1.7
url:http://www.securityfocus.com/bid/70622
Trust: 1.1
url:http://www.securitytracker.com/id/1031063
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/97630
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4438
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97537282/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4438
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-72378 // 
            
            
            
            BID: 70622 // 
            
            
            
            JVNDB: JVNDB-2014-004878 // 
            
            
            
            CNNVD: CNNVD-201410-616 // 
            
            
            
            NVD: CVE-2014-4438

CREDITS
Harry Sintonen of nSense, Alessandro Lobina of Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Trust: 0.3
sources:
            
            
            BID: 70622

SOURCES
db:VULHUBid:VHN-72378
db:BIDid:70622
db:JVNDBid:JVNDB-2014-004878
db:CNNVDid:CNNVD-201410-616
db:NVDid:CVE-2014-4438

LAST UPDATE DATE
2025-04-13T19:46:34.805000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-72378date:2017-08-29T00:00:00
db:BIDid:70622date:2014-10-21T18:02:00
db:JVNDBid:JVNDB-2014-004878date:2015-12-02T00:00:00
db:CNNVDid:CNNVD-201410-616date:2014-10-22T00:00:00
db:NVDid:CVE-2014-4438date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-72378date:2014-10-18T00:00:00
db:BIDid:70622date:2014-10-16T00:00:00
db:JVNDBid:JVNDB-2014-004878date:2014-10-22T00:00:00
db:CNNVDid:CNNVD-201410-616date:2014-10-22T00:00:00
db:NVDid:CVE-2014-4438date:2014-10-18T01:55:13.667