← Volver a CVEs
CVE-2013-3951
N/ADescripcion
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado6/5/2013
Ultima modificacion4/29/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
apple:iphone_osapple:mac_os_xapple:watchos
Debilidades (CWE)
CWE-20
Referencias
http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf(cve@mitre.org)
http://www.securitytracker.com/id/1033703(cve@mitre.org)
http://www.syscan.org/index.php/sg/program/day/2(cve@mitre.org)
https://support.apple.com/HT205212(cve@mitre.org)
https://support.apple.com/HT205213(cve@mitre.org)
https://support.apple.com/HT205267(cve@mitre.org)
http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033703(af854a3a-2127-422b-91ae-364da2661108)
http://www.syscan.org/index.php/sg/program/day/2(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205212(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205213(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205267(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.