ID

VAR-201702-0231


CVE

CVE-2016-7633


TITLE

Vulnerability in the Directory Services component of Apple macOS

Trust: 0.8

sources: JVNDB: JVNDB-2016-007415

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors. The Directory Services component of Apple macOS contains a vulnerability that allows privilege escalation or a denial of service (use-after-free). A local user may gain privileges or cause a denial of service (use-after-free). Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. Attackers can exploit this vulnerability to gain root privileges.

Trust: 1.98

sources: NVD: CVE-2016-7633 // JVNDB: JVNDB-2016-007415 // BID: 94903 // VULHUB: VHN-96453

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.1

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.12.1

Trust: 1.0

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12.2

Trust: 0.3

sources: BID: 94903 // JVNDB: JVNDB-2016-007415 // CNNVD: CNNVD-201612-493 // NVD: CVE-2016-7633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7633
value: HIGH

Trust: 1.0

NVD: CVE-2016-7633
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201612-493
value: HIGH

Trust: 0.6

VULHUB: VHN-96453
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-7633
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96453
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7633
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96453 // JVNDB: JVNDB-2016-007415 // CNNVD: CNNVD-201612-493 // NVD: CVE-2016-7633

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-96453 // JVNDB: JVNDB-2016-007415 // NVD: CVE-2016-7633

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201612-493

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-493

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007415

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-96453

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-12-13-1 macOS 10.12.2, url: https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html

Trust: 0.8

title: HT207423, url: https://support.apple.com/en-us/HT207423

Trust: 0.8

title: HT207423, url: https://support.apple.com/ja-jp/HT207423

Trust: 0.8

title: Apple macOS Sierra Directory Services Fixes for component security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66527

Trust: 0.6

sources: JVNDB: JVNDB-2016-007415 // CNNVD: CNNVD-201612-493

EXTERNAL IDS

db: NVD, id: CVE-2016-7633

Trust: 2.8

db: BID, id: 94903

Trust: 2.0

db: SECTRACK, id: 1037469

Trust: 1.1

db: EXPLOIT-DB, id: 40954

Trust: 1.1

db: JVN, id: JVNVU97133642

Trust: 0.8

db: JVNDB, id: JVNDB-2016-007415

Trust: 0.8

db: CNNVD, id: CNNVD-201612-493

Trust: 0.7

db: PACKETSTORM, id: 140247

Trust: 0.1

db: VULHUB, id: VHN-96453

Trust: 0.1

sources: VULHUB: VHN-96453 // BID: 94903 // JVNDB: JVNDB-2016-007415 // CNNVD: CNNVD-201612-493 // NVD: CVE-2016-7633

REFERENCES

url:http://www.securityfocus.com/bid/94903

Trust: 1.7

url:https://support.apple.com/ht207423

Trust: 1.7

url:https://www.exploit-db.com/exploits/40954/

Trust: 1.1

url:http://www.securitytracker.com/id/1037469

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7633

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97133642/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7633

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-96453 // BID: 94903 // JVNDB: JVNDB-2016-007415 // CNNVD: CNNVD-201612-493 // NVD: CVE-2016-7633

CREDITS

daybreaker@Minionz working with Trend Micro's Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro's Zero Day In

Trust: 0.6

sources: CNNVD: CNNVD-201612-493

SOURCES

db: VULHUB, id: VHN-96453
db: BID, id: 94903
db: JVNDB, id: JVNDB-2016-007415
db: CNNVD, id: CNNVD-201612-493
db: NVD, id: CVE-2016-7633

LAST UPDATE DATE

2024-11-23T20:51:09.249000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96453, date: 2017-09-03T00:00:00
db: BID, id: 94903, date: 2016-12-20T00:09:00
db: JVNDB, id: JVNDB-2016-007415, date: 2017-02-28T00:00:00
db: CNNVD, id: CNNVD-201612-493, date: 2017-03-01T00:00:00
db: NVD, id: CVE-2016-7633, date: 2024-11-21T02:58:20.397

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96453, date: 2017-02-20T00:00:00
db: BID, id: 94903, date: 2016-12-13T00:00:00
db: JVNDB, id: JVNDB-2016-007415, date: 2017-02-28T00:00:00
db: CNNVD, id: CNNVD-201612-493, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-7633, date: 2017-02-20T08:59:03.183