CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.

Published: Jun 5, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-3951
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
apple / watchos	-	1.0.1.x
apple / iphone_os	-	8.2.x
apple / mac_os_x	-	10.10.4.x
apple / mac_os_x	10.8.3	10.8.3.x
apple / iphone_os	6.1.3	6.1.3.x
apple / mac_os_x	10.8.4	10.8.4.x
apple / mac_os_x	10.8.1	10.8.1.x
apple / mac_os_x	10.8.0	10.8.0.x
apple / mac_os_x	10.8.2	10.8.2.x

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://www.securitytracker.com/id/1033703
http://www.syscan.org/index.php/sg/program/day/2
https://support.apple.com/HT205212
https://support.apple.com/HT205213
https://support.apple.com/HT205267

Vulnerability Database

289,697

CVE-2013-3951