Lucene search
MitreCVE-2013-3949HistoryJun 05, 2013 - 2:39 p.m.
CVE-2013-3949
2013-06-0514:39:55
CWE-264
mitre
web.nvd.nist.gov
29
cve-2013-3949
xnu kernel
apple
mac os x 10.8.x
posix_spawn
access restrictions
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0
Percentile
5.1%
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.
Affected configurations
Node
applemac_os_xMatch10.8.0
ORapplemac_os_xMatch10.8.1
ORapplemac_os_xMatch10.8.2
ORapplemac_os_xMatch10.8.3
ORapplemac_os_xMatch10.8.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | mac_os_x | 10.8.0 | cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.8.1 | cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.8.2 | cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.8.3 | cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.8.4 | cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2013-3949
2013-06-05 14:39:55
cvelist
cvelist
CVE-2013-3949
2013-06-05 10:00:00
prion
prion
Design/Logic Flaw
2013-06-05 14:39:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities - 01 (Jan 2014)
2014-01-20 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2013-3949