SB2013060509 - Permissions, Privileges, and Access Controls in Apple MAC OS X

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-3949)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.

Remediation

Install update from vendor's website.

References

• http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
• http://www.syscan.org/index.php/sg/program/day/2