Lucene search

[email protected]CVE-2013-3954

HistoryJun 05, 2013 - 2:39 p.m.

CVE-2013-3954

2013-06-0514:39:57

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-3954

nvd

xnu kernel

apple

mac os x

denial of service

sensitive information

posix_spawn

10.8.x

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.

Affected configurations

NVD

Node

applemac_os_xMatch10.8.0

applemac_os_xMatch10.8.1

applemac_os_xMatch10.8.2

applemac_os_xMatch10.8.3

applemac_os_xMatch10.8.4

Node

appleiphone_osRange≤6.1.4

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

appleiphone_osMatch3.0

appleiphone_osMatch3.0.1

appleiphone_osMatch3.1

appleiphone_osMatch3.1.2

appleiphone_osMatch3.1.3

appleiphone_osMatch3.2

appleiphone_osMatch3.2.1

appleiphone_osMatch3.2.2

appleiphone_osMatch4.0

appleiphone_osMatch4.0.1

appleiphone_osMatch4.0.2

appleiphone_osMatch4.1

appleiphone_osMatch4.2.1

appleiphone_osMatch4.2.5

appleiphone_osMatch4.2.8

appleiphone_osMatch4.3.0

appleiphone_osMatch4.3.1

appleiphone_osMatch4.3.2

appleiphone_osMatch4.3.3

appleiphone_osMatch4.3.5

appleiphone_osMatch5.0

appleiphone_osMatch5.0.1

appleiphone_osMatch5.1

appleiphone_osMatch5.1.1

appleiphone_osMatch6.0

appleiphone_osMatch6.0.1

appleiphone_osMatch6.0.2

appleiphone_osMatch6.1

appleiphone_osMatch6.1.2

appleiphone_osMatch6.1.3

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.8.0
apple:mac_os_xapple mac os xeq10.8.1
apple:mac_os_xapple mac os xeq10.8.2
apple:mac_os_xapple mac os xeq10.8.3
apple:mac_os_xapple mac os xeq10.8.4

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.8.0
apple:mac_os_x	apple mac os x	eq	10.8.1
apple:mac_os_x	apple mac os x	eq	10.8.2
apple:mac_os_x	apple mac os x	eq	10.8.3
apple:mac_os_x	apple mac os x	eq	10.8.4