SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple Mac OS X Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Local Users Bypass Access Controls and Deny Service
SecurityTracker Alert ID:  1029234
SecurityTracker URL:  http://securitytracker.com/id/1029234
CVE Reference:   CVE-2013-5165, CVE-2013-5179, CVE-2013-5166, CVE-2013-5167, CVE-2013-5168, CVE-2013-5169, CVE-2013-5170, CVE-2013-5171, CVE-2013-5172, CVE-2013-5173, CVE-2013-5174, CVE-2013-5175, CVE-2013-5176, CVE-2013-5177, CVE-2013-5184, CVE-2013-5178, CVE-2013-5180, CVE-2013-5181, CVE-2013-5182, CVE-2013-5183, CVE-2013-5185, CVE-2013-5186, CVE-2013-5189, CVE-2013-5190, CVE-2013-5187, CVE-2013-5188, CVE-2013-5191, CVE-2013-5192   (Links to External Site)
Date:  Oct 23 2013
Impact:   Denial of service via local system, Disclosure of system information, Execution of arbitrary code via network, Host/resource access via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.9
Description:   Multiple vulnerabilities were reported in Apple Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can bypass access controls. A local user can cause denial of service conditions. A remote user can obtain potentially sensitive information.

The 'socketfilterfw --blockApp' command does not properly block applications [CVE-2013-5165]. A remote user can connect to applications. Alexander Frangis of PopCap Games reported this vulnerability.

An application can exploit a flaw in the LaunchServices interface and pass specially crafted arguments to a new process to bypass the sandbox [CVE-2013-5179]. Friedrich Graeter of The Soulmen GbR reported this vulnerability.

A local application can exploit a flaw in the Bluetooth USB host controller to delete interfaces [CVE-2013-5166]. Stefano Bianchi Mazzone, Mattia Pagnozzi, and
Aristide Fattori of Computer and Network Security Lab (LaSER), Universita degli Studi di Milano reported this vulnerability.

A session cookie may persist after Safari is closed [CVE-2013-5167]. Graham Bennett, Rob Ansaldo of Amherst College reported this vulnerability.

When a local user on the console clicks on a specially crafted log entry, an application may be executed [CVE-2013-5168]. Aaron Sigel of vtty.com reported this vulnerability.

A window may be displayed over the lock screen after the display has gone to sleep [CVE-2013-5169].

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a buffer underflow and execute arbitrary code on the target system [CVE-2013-5170]. Will Dormann of the CERT/CC reported this vulnerability.

A local application can register for a hotkey event to log user keystrokes entered into another application even when secure input mode is enabled [CVE-2013-5171].

A kernel panic may occur when SHA-2 digest functions are used [CVE-2013-5172]. Christoph Nadig of Lobotomo Software, [equinux ag], reported this vulnerability.

A local user can exploit a flaw in the kernel random number generator to lock the generator for long periods of time [CVE-2013-5173]. Jaakko Pero of Aalto University reported this vulnerability.

A local user can trigger an integer sign error in the processing of tty reads to cause the system to crash [CVE-2013-5174]. CESG reported this vulnerability.

A local user can exploit a flaw in the processing of Mach-O files to view kernel memory contents or cause the kernel to crash [CVE-2013-5175].

A local user can trigger an integer truncation flaw in the processing of tty devices to cause the system to hang [CVE-2013-5176]. CESG reported this vulnerability.

A local user can supply a specially crafted iovec structure to cause a kernel panic [CVE-2013-5177]. CESG reported this vulnerability.

A remote user can send a specially crafted multicast program vi Wi-Fi to cause the system to crash [CVE-2013-5184]. Octoshape reported this vulnerability.

A local user can create a specially named file using certain unicode characters to cause the system to display the file with the wrong extension [CVE-2013-5178].Jesse Ruderman of Mozilla Corporation and Stephane Sudre of Intego reported this vulnerability.

In certain cases where the kernel random number generator is not accessible to srandomdev(), the function will use a source that is not random [CVE-2013-5180]. Xi Wang reported this vulnerability.

The Mail application may select plaintext authentication over CRAM-MD5 authentication when auto-configuring [CVE-2013-5181].

A remote user can send a specially crafted mail message that will appear to have a valid signature [CVE-2013-5182]. Michael Roitzsch of Technische Universitat Dresden reported this vulnerability.

When Kerberos authentication is enabled and TLS is disabled, the mail application sends some unencrypted data to the mail server and cause the connection to be terminated [CVE-2013-5183]. Richard E. Silverman of www.qoxp.net reported this vulnerability.

The OpenLDAP ldapsearch command line tool does not honor the minssf configuration, which may cause weak encryption to be used [CVE-2013-5185].

The screen lock may not engage after the specified time period due to a locking condition in power assertion management [CVE-2013-5186]. David Herman at Sensible DB Design reported this vulnerability.

When the "Require an administrator password to access system preferences with lock icons" setting is enabled, a subsequent software update or upgrade may disable the setting [CVE-2013-5189]. Greg Onufer reported this vulnerability.

When certificate revocation checks are enabled, Smart Card Services may be unavailable [CVE-2013-5190]. Yongjun Jeon of Centrify Corporation reported this vulnerability.

The 'lock screen' command in the Keychain Status menu bar item does not take effect until after the sleep delay has elapsed [CVE-2013-5187]. Michael Kisor of OrganicOrb.com, Christian Knappskog of NTNU (Norwegian University of Science and Technology), Stefan Gronke (CCC Trier), and Patrick Reed reported this vulnerability.

A physically local user may be able to wake a hibernated system that uses Autologin without using a password [CVE-2013-5188]. Levi Musters reported this vulnerability.

A local guest user can view the console log from previous guest user sessions [CVE-2013-5191]. Sven-S. Porst of earthlingsoft reported this vulnerability.

A local application can trigger a flaw in the USB hub controller to cause the system to crash [CVE-2013-5192]. Stefano Bianchi Mazzone, Mattia Pagnozzi, and Aristide Fattori of Computer and Network Security Lab (LaSER), Universita degli Studi di Milano, reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can bypass access controls on the target system.

A local user can cause the target system to crash or hang.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (10.9).

The vendor's advisory is available at:

http://support.apple.com/kb/HT6011

Vendor URL:  support.apple.com/kb/HT6011 (Links to External Site)
Cause:   Access control error, Boundary error, Randomization error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC