ID

VAR-201511-0002


CVE

CVE-2013-5229


TITLE

Apple OS X authentication issue when recovering from sleep mode

Trust: 0.8

sources: JVNDB: JVNDB-2015-000177

DESCRIPTION

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the processing of the text entered in the dialog box upon recovering from sleep mode. Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd. reported this vulnerability to IPA. This may result in command execution at the remote host. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system supports software distribution, resource management and remote assistance, etc. An attacker in physical proximity could exploit this vulnerability by entering commands into a dialog box to bypass established access restrictions.

Trust: 2.07

sources: NVD: CVE-2013-5229 // JVNDB: JVNDB-2015-000177 // BID: 77576 // VULHUB: VHN-65231 // VULMON: CVE-2013-5229

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.8.5

Trust: 1.0

vendor: apple, model: remote desktop, scope: lte, version: 3.6.2

Trust: 1.0

vendor: apple, model: remote desktop, scope: eq, version: 3.6.2

Trust: 0.9

vendor: apple, model: mac os x, scope: eq, version: mavericks prior to 10.9

Trust: 0.8

vendor: apple, model: remote desktop, scope: eq, version: prior to 3.7

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.8.5

Trust: 0.6

vendor: cosmicperl, model: directory pro, scope: eq, version: 10.0.3

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 2.0

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.5.1

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.4

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.3.2

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.3.1

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.3

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: remote desktop, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.9.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.11

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.10

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.9

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.9

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.9

Trust: 0.3

sources: BID: 77576 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5229
value: LOW

Trust: 1.0

IPA: JVNDB-2015-000177
value: LOW

Trust: 0.8

CNNVD: CNNVD-201511-247
value: LOW

Trust: 0.6

VULHUB: VHN-65231
value: LOW

Trust: 0.1

VULMON: CVE-2013-5229
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5229
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2015-000177
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-65231
severity: LOW
baseScore: 3.7
vectorString: AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65231 // VULMON: CVE-2013-5229 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-65231 // JVNDB: JVNDB-2015-000177 // NVD: CVE-2013-5229

THREAT TYPE

local

Trust: 0.9

sources: BID: 77576 // CNNVD: CNNVD-201511-247

TYPE

Design Error

Trust: 0.3

sources: BID: 77576

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-000177

PATCH

title: Information from Apple, url: http://jvn.jp/en/jp/JVN56210048/741993/index.html

Trust: 0.8

title: Apple OS X and Apple Remote Desktop Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58736

Trust: 0.6

sources: JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247

EXTERNAL IDS

db: JVN, id: JVN56210048

Trust: 2.9

db: NVD, id: CVE-2013-5229

Trust: 2.9

db: JVNDB, id: JVNDB-2015-000177

Trust: 2.6

db: SECTRACK, id: 1034187

Trust: 1.2

db: CNNVD, id: CNNVD-201511-247

Trust: 0.7

db: BID, id: 77576

Trust: 0.5

db: VULHUB, id: VHN-65231

Trust: 0.1

db: VULMON, id: CVE-2013-5229

Trust: 0.1

sources: VULHUB: VHN-65231 // VULMON: CVE-2013-5229 // BID: 77576 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

REFERENCES

url:http://jvn.jp/en/jp/jvn56210048/index.html

Trust: 2.9

url:http://jvn.jp/en/jp/jvn56210048/741993/index.html

Trust: 1.8

url:http://jvndb.jvn.jp/jvndb/jvndb-2015-000177

Trust: 1.8

url:http://www.securitytracker.com/id/1034187

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5229

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5229

Trust: 0.8

url:http://www.apple.com/remotedesktop/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/254.html

Trust: 0.1

url:https://www.securityfocus.com/bid/77576

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-65231 // VULMON: CVE-2013-5229 // BID: 77576 // JVNDB: JVNDB-2015-000177 // CNNVD: CNNVD-201511-247 // NVD: CVE-2013-5229

CREDITS

Masaki Katayama of Cyber Risks Laboratory Naviplus CO,Ltd.

Trust: 0.3

sources: BID: 77576

SOURCES

db: VULHUB, id: VHN-65231
db: VULMON, id: CVE-2013-5229
db: BID, id: 77576
db: JVNDB, id: JVNDB-2015-000177
db: CNNVD, id: CNNVD-201511-247
db: NVD, id: CVE-2013-5229

LAST UPDATE DATE

2024-08-14T15:34:55.590000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65231, date: 2017-09-14T00:00:00
db: VULMON, id: CVE-2013-5229, date: 2017-09-14T00:00:00
db: BID, id: 77576, date: 2015-11-13T00:00:00
db: JVNDB, id: JVNDB-2015-000177, date: 2015-11-17T00:00:00
db: CNNVD, id: CNNVD-201511-247, date: 2015-11-16T00:00:00
db: NVD, id: CVE-2013-5229, date: 2017-09-14T01:29:00.210

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65231, date: 2015-11-14T00:00:00
db: VULMON, id: CVE-2013-5229, date: 2015-11-14T00:00:00
db: BID, id: 77576, date: 2015-11-13T00:00:00
db: JVNDB, id: JVNDB-2015-000177, date: 2015-11-13T00:00:00
db: CNNVD, id: CNNVD-201511-247, date: 2015-11-16T00:00:00
db: NVD, id: CVE-2013-5229, date: 2015-11-14T03:59:00.127