Details of VAR-201904-1371

ID

VAR-201904-1371

CVE

CVE-2018-4411

TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the FODBWriteToAnnex method. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. macOS High Sierra is its next generation. ATS is one of the security protocol components. A security vulnerability exists in the ATS component of Apple macOS Sierra version 10.12.6 and macOS High Sierra version 10.13.6. An attacker could exploit this vulnerability with a malicious application to elevate privileges (memory corruption)

Trust: 3.87

sources: NVD: CVE-2018-4411 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014889 // JVNDB: JVNDB-2018-007762 // ZDI: ZDI-18-1327 // VULHUB: VHN-134442 // VULMON: CVE-2018-4411

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14	Trust: 1.8
vendor:	apple	model:	icloud	scope:	lt	version:	for windows 7.8 earlier	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.9.1 earlier	Trust: 0.8
vendor:	apple	model:	macos high sierra	scope:	eq	version:	(security update 2018-001 not applied )	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14.1 earlier	Trust: 0.8
vendor:	apple	model:	macos sierra	scope:	eq	version:	(security update 2018-005 not applied )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	12.0.1 earlier	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	12.1 earlier	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	5.1 earlier	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	macos mojave	scope:	lt	version:	10.14 earlier	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-18-1327 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014889 // JVNDB: JVNDB-2018-007762 // NVD: CVE-2018-4411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4411
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4411
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-4411
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201810-1514
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134442
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4411
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4411
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2018-4411
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-134442
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4411
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-1327 // VULHUB: VHN-134442 // VULMON: CVE-2018-4411 // JVNDB: JVNDB-2018-014889 // CNNVD: CNNVD-201810-1514 // NVD: CVE-2018-4411

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134442 // JVNDB: JVNDB-2018-014889 // NVD: CVE-2018-4411

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1514

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1514

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008908

PATCH

title:	About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra	url:	https://support.apple.com/en-us/HT209193	Trust: 1.6
title:	HT209139	url:	https://support.apple.com/en-us/HT209139	Trust: 1.6
title:	About the security content of iTunes 12.9.1	url:	https://support.apple.com/en-us/HT209197	Trust: 0.8
title:	About the security content of iCloud for Windows 7.8	url:	https://support.apple.com/en-us/HT209198	Trust: 0.8
title:	About the security content of Safari 12.0.1	url:	https://support.apple.com/en-us/HT209196	Trust: 0.8
title:	About the security content of tvOS 12.1	url:	https://support.apple.com/en-us/HT209194	Trust: 0.8
title:	About the security content of iOS 12.1	url:	https://support.apple.com/en-us/HT209192	Trust: 0.8
title:	About the security content of watchOS 5.1	url:	https://support.apple.com/en-us/HT209195	Trust: 0.8
title:	HT208334	url:	https://support.apple.com/ja-jp/HT209139	Trust: 0.8
title:	HT209193	url:	https://support.apple.com/ja-jp/HT209193	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/kb/HT201222	Trust: 0.7
title:	Apple macOS ATS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86492	Trust: 0.6
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1

sources: ZDI: ZDI-18-1327 // VULMON: CVE-2018-4411 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014889 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201810-1514

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4411	Trust: 3.3
db:	JVN	id:	JVNVU96365720	Trust: 1.6
db:	JVN	id:	JVNVU99356481	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-008908	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014889	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007762	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6360	Trust: 0.7
db:	ZDI	id:	ZDI-18-1327	Trust: 0.7
db:	CNNVD	id:	CNNVD-201810-1514	Trust: 0.6
db:	VULHUB	id:	VHN-134442	Trust: 0.1
db:	VULMON	id:	CVE-2018-4411	Trust: 0.1

sources: ZDI: ZDI-18-1327 // VULHUB: VHN-134442 // VULMON: CVE-2018-4411 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014889 // JVNDB: JVNDB-2018-007762 // CNNVD: CNNVD-201810-1514 // NVD: CVE-2018-4411

REFERENCES

url:	https://support.apple.com/kb/ht209139	Trust: 1.8
url:	https://support.apple.com/kb/ht209193	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4411	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96365720/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4411	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96365720/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99356481/	Trust: 0.8
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2018/nov/16	Trust: 0.1
url:	https://github.com/nomi-sec/poc-in-github	Trust: 0.1

CREDITS

lilang wu moony Li of Trend Micro

Trust: 0.7

sources: ZDI: ZDI-18-1327

SOURCES

db:	ZDI	id:	ZDI-18-1327
db:	VULHUB	id:	VHN-134442
db:	VULMON	id:	CVE-2018-4411
db:	JVNDB	id:	JVNDB-2018-008908
db:	JVNDB	id:	JVNDB-2018-014889
db:	JVNDB	id:	JVNDB-2018-007762
db:	CNNVD	id:	CNNVD-201810-1514
db:	NVD	id:	CVE-2018-4411

LAST UPDATE DATE

2024-11-23T20:46:49.035000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1327	date:	2018-10-30T00:00:00
db:	VULHUB	id:	VHN-134442	date:	2019-04-05T00:00:00
db:	VULMON	id:	CVE-2018-4411	date:	2019-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014889	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-1514	date:	2019-04-10T00:00:00
db:	NVD	id:	CVE-2018-4411	date:	2024-11-21T04:07:21.717

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-1327	date:	2018-10-30T00:00:00
db:	VULHUB	id:	VHN-134442	date:	2019-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4411	date:	2019-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008908	date:	2018-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014889	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-007762	date:	2018-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-1514	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-4411	date:	2019-04-03T18:29:13.970