CVE-2013-3951
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:iphone_os | apple iphone os | le | 8.2 |
| apple:mac_os_x | apple mac os x | le | 10.10.4 |
| apple:watchos | apple watchos | le | 1.0.1 |
References
antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
www.securitytracker.com/id/1033703
www.syscan.org/index.php/sg/program/day/2
support.apple.com/HT205212
support.apple.com/HT205213
support.apple.com/HT205267
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%