QwikSec

Security Database

CVE

CWE

Training

CVE-2013-3954

Published: Jun 5, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.syscan.org/index.php/sg/program/day/2

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf

x_refsource_MISC

APPLE-SA-2013-10-22-3

vendor-advisory

x_refsource_APPLE

third-party-advisory

x_refsource_SECUNIA

http://support.apple.com/kb/HT5934

x_refsource_CONFIRM

APPLE-SA-2013-09-18-2

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.