QwikSec

Security Database

CVE

CWE

Training

CVE-2013-3949

Published: Jun 5, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.syscan.org/index.php/sg/program/day/2

x_refsource_MISC

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.