Details of VAR-201704-0760

ID

VAR-201704-0760

CVE

CVE-2017-2403

TITLE

Apple macOS Format string vulnerability in the print component

Trust: 0.8

sources: JVNDB: JVNDB-2017-002388

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL. Apple macOS The print component contains a format string vulnerability.Crafted by a remote attacker IPP(S) An arbitrary code may be executed via the link. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or bypass security restrictions and perform unauthorized actions. This may aid in further attacks

Trust: 1.98

sources: NVD: CVE-2017-2403 // JVNDB: JVNDB-2017-002388 // BID: 97140 // VULHUB: VHN-110606

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.3	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.3	Trust: 1.0
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	16.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	security update yosemite	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	security update el capitan	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.4	Trust: 0.3

sources: BID: 97140 // JVNDB: JVNDB-2017-002388 // CNNVD: CNNVD-201704-054 // NVD: CVE-2017-2403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2403
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2403
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-054
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110606
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2403
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110606
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2403
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110606 // JVNDB: JVNDB-2017-002388 // CNNVD: CNNVD-201704-054 // NVD: CVE-2017-2403

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2017-002388 // NVD: CVE-2017-2403

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-054

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-201704-054

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002388

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/en-us/HT207615	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/ja-jp/HT207615	Trust: 0.8
title:	Apple macOS Sierra Printing Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68947	Trust: 0.6

sources: JVNDB: JVNDB-2017-002388 // CNNVD: CNNVD-201704-054

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2403	Trust: 2.8
db:	BID	id:	97140	Trust: 2.0
db:	SECTRACK	id:	1038138	Trust: 1.1
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002388	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-054	Trust: 0.7
db:	VULHUB	id:	VHN-110606	Trust: 0.1

sources: VULHUB: VHN-110606 // BID: 97140 // JVNDB: JVNDB-2017-002388 // CNNVD: CNNVD-201704-054 // NVD: CVE-2017-2403

REFERENCES

url:	http://www.securityfocus.com/bid/97140	Trust: 1.7
url:	https://support.apple.com/ht207615	Trust: 1.7
url:	http://www.securitytracker.com/id/1038138	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2403	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2403	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-110606 // BID: 97140 // JVNDB: JVNDB-2017-002388 // CNNVD: CNNVD-201704-054 // NVD: CVE-2017-2403

CREDITS

Ulf Frisk, Apple, Brandon Azad, an anonymous researcher, Max Bazaliy, beist, Sergey Bylokhov, Simon Huang, pjf, Alex Fishman, Izik Eidus, Pekka Oikarainen, Matias Karhumaa, Marko Laakso, @cocoahuke, kimyok, Craig Arendt, Axis, sss, Orr A, Benjamin Gnahm, I

Trust: 0.3

sources: BID: 97140

SOURCES

db:	VULHUB	id:	VHN-110606
db:	BID	id:	97140
db:	JVNDB	id:	JVNDB-2017-002388
db:	CNNVD	id:	CNNVD-201704-054
db:	NVD	id:	CVE-2017-2403

LAST UPDATE DATE

2024-11-23T20:27:57.233000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110606	date:	2017-07-12T00:00:00
db:	BID	id:	97140	date:	2017-06-08T08:02:00
db:	JVNDB	id:	JVNDB-2017-002388	date:	2017-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201704-054	date:	2017-04-05T00:00:00
db:	NVD	id:	CVE-2017-2403	date:	2024-11-21T03:23:27.430

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110606	date:	2017-04-02T00:00:00
db:	BID	id:	97140	date:	2017-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-002388	date:	2017-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201704-054	date:	2017-04-05T00:00:00
db:	NVD	id:	CVE-2017-2403	date:	2017-04-02T01:59:01.043