Details of VAR-201609-0262

ID

VAR-201609-0262

CVE

CVE-2016-4697

TITLE

Apple OS X of Apple HSSPI Support vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2016-004961

DESCRIPTION

Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleHSSPIHIDDriver kext. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges under the context of the kernel. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. These issues are fixed in: Apple macOS 10.12. Apple HSSPI Support is one of the components used to support HSSPI

Trust: 2.7

sources: NVD: CVE-2016-4697 // JVNDB: JVNDB-2016-004961 // ZDI: ZDI-16-521 // BID: 93055 // VULHUB: VHN-93516 // VULMON: CVE-2016-4697

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.6	Trust: 1.0
vendor:	apple	model:	os x	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12	Trust: 0.3

sources: ZDI: ZDI-16-521 // BID: 93055 // JVNDB: JVNDB-2016-004961 // CNNVD: CNNVD-201609-431 // NVD: CVE-2016-4697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4697
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4697
value:	HIGH
Trust: 0.8
ZDI:	CVE-2016-4697
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201609-431
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-93516
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-4697
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4697
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2016-4697
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-93516
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4697
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-16-521 // VULHUB: VHN-93516 // VULMON: CVE-2016-4697 // JVNDB: JVNDB-2016-004961 // CNNVD: CNNVD-201609-431 // NVD: CVE-2016-4697

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-93516 // JVNDB: JVNDB-2016-004961 // NVD: CVE-2016-4697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-431

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201609-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004961

PATCH

title:	HT207170	url:	https://support.apple.com/en-us/HT207170	Trust: 1.5
title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-09-20 macOS Sierra 10.12	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/ja-jp/HT207170	Trust: 0.8
title:	Apple OS X Apple HSSPI Support Repair measures for memory corruption vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64309	Trust: 0.6
title:	Apple: macOS Sierra 10.12	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042	Trust: 0.1

sources: ZDI: ZDI-16-521 // VULMON: CVE-2016-4697 // JVNDB: JVNDB-2016-004961 // CNNVD: CNNVD-201609-431

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4697	Trust: 3.6
db:	BID	id:	93055	Trust: 2.1
db:	SECTRACK	id:	1036858	Trust: 1.2
db:	JVN	id:	JVNVU90950877	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004961	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3822	Trust: 0.7
db:	ZDI	id:	ZDI-16-521	Trust: 0.7
db:	CNNVD	id:	CNNVD-201609-431	Trust: 0.7
db:	ZDI	id:	ZDI-16-608	Trust: 0.3
db:	ZDI	id:	ZDI-16-609	Trust: 0.3
db:	VULHUB	id:	VHN-93516	Trust: 0.1
db:	VULMON	id:	CVE-2016-4697	Trust: 0.1

sources: ZDI: ZDI-16-521 // VULHUB: VHN-93516 // VULMON: CVE-2016-4697 // BID: 93055 // JVNDB: JVNDB-2016-004961 // CNNVD: CNNVD-201609-431 // NVD: CVE-2016-4697

REFERENCES

url:	http://www.securityfocus.com/bid/93055	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 1.8
url:	https://support.apple.com/ht207170	Trust: 1.8
url:	http://www.securitytracker.com/id/1036858	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4697	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90950877/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4697	Trust: 0.8
url:	https://support.apple.com/en-us/ht207170	Trust: 0.7
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-608/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-609/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-cd9660-cve-2016-4706	Trust: 0.1
url:	https://support.apple.com/kb/ht207170	Trust: 0.1

sources: ZDI: ZDI-16-521 // VULHUB: VHN-93516 // VULMON: CVE-2016-4697 // BID: 93055 // JVNDB: JVNDB-2016-004961 // CNNVD: CNNVD-201609-431 // NVD: CVE-2016-4697

CREDITS

Qidan He(@flanker_hqd) from KeenLab

Trust: 0.7

sources: ZDI: ZDI-16-521

SOURCES

db:	ZDI	id:	ZDI-16-521
db:	VULHUB	id:	VHN-93516
db:	VULMON	id:	CVE-2016-4697
db:	BID	id:	93055
db:	JVNDB	id:	JVNDB-2016-004961
db:	CNNVD	id:	CNNVD-201609-431
db:	NVD	id:	CVE-2016-4697

LAST UPDATE DATE

2025-04-13T20:28:30.807000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-521	date:	2016-09-20T00:00:00
db:	VULHUB	id:	VHN-93516	date:	2017-07-30T00:00:00
db:	VULMON	id:	CVE-2016-4697	date:	2017-07-30T00:00:00
db:	BID	id:	93055	date:	2016-11-24T01:11:00
db:	JVNDB	id:	JVNDB-2016-004961	date:	2016-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201609-431	date:	2016-09-26T00:00:00
db:	NVD	id:	CVE-2016-4697	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-16-521	date:	2016-09-20T00:00:00
db:	VULHUB	id:	VHN-93516	date:	2016-09-25T00:00:00
db:	VULMON	id:	CVE-2016-4697	date:	2016-09-25T00:00:00
db:	BID	id:	93055	date:	2016-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-004961	date:	2016-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201609-431	date:	2016-09-26T00:00:00
db:	NVD	id:	CVE-2016-4697	date:	2016-09-25T10:59:06.013