2 matches found
CVE-2013-3949
The posixspawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the POSIXSPAWNDISABLEASLR and POSIXSPAWNALLOWDATAEXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the...
CVE-2013-3949
The CVE-2013-3949 entry concerns the XNU kernel used in Apple Mac OS X 10.8.x. The issue arises in the posix_spawn system call, which does not prevent the use of _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid/setgid programs. This enables local users to bypass intende...