CVE Vulnerabilities

CVE-2013-3949

Published: Jun 05, 2013 | Modified: Jun 05, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.8.0 10.8.0
Mac_os_x Apple 10.8.1 10.8.1
Mac_os_x Apple 10.8.2 10.8.2
Mac_os_x Apple 10.8.3 10.8.3
Mac_os_x Apple 10.8.4 10.8.4

References