Details of VAR-201511-0002

ID

VAR-201511-0002

CVE

CVE-2013-5229

TITLE

Apple OS X authentication issue when recovering from sleep mode

Trust: 0.8

sources: JVNDB: JVNDB-2015-000177

DESCRIPTION

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA. This may result in command execution at the remote host. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system supports software distribution, resource management and remote assistance, etc. An attacker in physical proximity could exploit this vulnerability by entering commands into a dialog box to bypass established access restrictions

Trust: 2.07

sources: NVD: CVE-2013-5229 // JVNDB: JVNDB-2015-000177 // BID: 77576 // VULHUB: VHN-65231 // VULMON: CVE-2013-5229

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.8.5	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	lte	version:	3.6.2	Trust: 1.0
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.6.2	Trust: 0.9
vendor:	apple	model:	mac os x	scope:	eq	version:	mavericks prior to 10.9	Trust: 0.8
vendor:	apple	model:	remote desktop	scope:	eq	version:	prior to 3.7	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 0.6
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.4	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.3	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.9	Trust: 0.3

sources: BID: 77576 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5229
value:	LOW
Trust: 1.0
IPA:	JVNDB-2015-000177
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201511-247
value:	LOW
Trust: 0.6
VULHUB:	VHN-65231
value:	LOW
Trust: 0.1
VULMON:	CVE-2013-5229
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-5229
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2015-000177
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-65231
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65231 // VULMON: CVE-2013-5229 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-65231 // JVNDB: JVNDB-2015-000177 // NVD: CVE-2013-5229

THREAT TYPE

local

Trust: 0.9

sources: BID: 77576 // CNNVD: CNNVD-201511-247

TYPE

Design Error

Trust: 0.3

sources: BID: 77576

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-000177

PATCH

title:	Information from Apple	url:	http://jvn.jp/en/jp/JVN56210048/741993/index.html	Trust: 0.8
title:	Apple OS X and Apple Remote Desktop Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58736	Trust: 0.6

sources: JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247

EXTERNAL IDS

db:	JVN	id:	JVN56210048	Trust: 2.9
db:	NVD	id:	CVE-2013-5229	Trust: 2.9
db:	JVNDB	id:	JVNDB-2015-000177	Trust: 2.6
db:	SECTRACK	id:	1034187	Trust: 1.2
db:	CNNVD	id:	CNNVD-201511-247	Trust: 0.7
db:	BID	id:	77576	Trust: 0.5
db:	VULHUB	id:	VHN-65231	Trust: 0.1
db:	VULMON	id:	CVE-2013-5229	Trust: 0.1

sources: VULHUB: VHN-65231 // VULMON: CVE-2013-5229 // BID: 77576 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

REFERENCES

url:	http://jvn.jp/en/jp/jvn56210048/index.html	Trust: 2.9
url:	http://jvn.jp/en/jp/jvn56210048/741993/index.html	Trust: 1.8
url:	http://jvndb.jvn.jp/jvndb/jvndb-2015-000177	Trust: 1.8
url:	http://www.securitytracker.com/id/1034187	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5229	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5229	Trust: 0.8
url:	http://www.apple.com/remotedesktop/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/254.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/77576	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-65231 // VULMON: CVE-2013-5229 // BID: 77576 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

CREDITS

Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd.

Trust: 0.3

sources: BID: 77576

SOURCES

db:	VULHUB	id:	VHN-65231
db:	VULMON	id:	CVE-2013-5229
db:	BID	id:	77576
db:	JVNDB	id:	JVNDB-2015-000177
db:	CNNVD	id:	CNNVD-201511-247
db:	NVD	id:	CVE-2013-5229

LAST UPDATE DATE

2024-08-14T15:34:55.590000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65231	date:	2017-09-14T00:00:00
db:	VULMON	id:	CVE-2013-5229	date:	2017-09-14T00:00:00
db:	BID	id:	77576	date:	2015-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-000177	date:	2015-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201511-247	date:	2015-11-16T00:00:00
db:	NVD	id:	CVE-2013-5229	date:	2017-09-14T01:29:00.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65231	date:	2015-11-14T00:00:00
db:	VULMON	id:	CVE-2013-5229	date:	2015-11-14T00:00:00
db:	BID	id:	77576	date:	2015-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-000177	date:	2015-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201511-247	date:	2015-11-16T00:00:00
db:	NVD	id:	CVE-2013-5229	date:	2015-11-14T03:59:00.127