cvelistv5 - cve-2013-5185

CVE-2013-5185 (GCVE-0-2013-5185)

Vulnerability from cvelistv5

Published

2013-10-24 01:00

Modified

2024-09-16 18:23

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-757p-x3jc-426r

Vulnerability from github

Published

2022-05-17 04:59

Modified

2022-05-17 04:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5185"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-24T03:48:00Z",
    "severity": "MODERATE"
  },
  "details": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.",
  "id": "GHSA-757p-x3jc-426r",
  "modified": "2022-05-17T04:59:28Z",
  "published": "2022-05-17T04:59:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5185"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. Apple Mac OS X is prone to a security vulnerability. Attackers can exploit this issue bypass security restrictions, and perform other attacks. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by the program not correctly handling the minssf configuration, resulting in weak encryption. A remote attacker could exploit this vulnerability to obtain sensitive information by sniffing the network

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0465",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.3"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "63351"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5185",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-5185",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-65187",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5185",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5185",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201310-596",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65187",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. Apple Mac OS X is prone to a security vulnerability. \nAttackers can exploit this issue bypass security restrictions, and perform other  attacks. \nNote: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. \nMac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by the program not correctly handling the minssf configuration, resulting in weak encryption. A remote attacker could exploit this vulnerability to obtain sensitive information by sniffing the network",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "BID",
        "id": "63351"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5185",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95174988",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2013-10-22-3",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "63351",
        "trust": 0.4
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-61068",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-65187",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "db": "BID",
        "id": "63351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "id": "VAR-201310-0465",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:08:24.571000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-10-22-3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
      },
      {
        "title": "HT6011",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6011"
      },
      {
        "title": "HT6011",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6011?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5185"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95174988/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5185"
      },
      {
        "trust": 0.3,
        "url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "db": "BID",
        "id": "63351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "db": "BID",
        "id": "63351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "date": "2013-10-22T00:00:00",
        "db": "BID",
        "id": "63351"
      },
      {
        "date": "2013-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "date": "2013-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "date": "2013-10-24T03:48:52.317000",
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65187"
      },
      {
        "date": "2013-10-22T00:00:00",
        "db": "BID",
        "id": "63351"
      },
      {
        "date": "2013-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      },
      {
        "date": "2013-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      },
      {
        "date": "2024-11-21T01:57:10.540000",
        "db": "NVD",
        "id": "CVE-2013-5185"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  OpenLDAP of  ldapsearch Vulnerabilities in which important information can be obtained in command line programs",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004850"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-596"
      }
    ],
    "trust": 0.6
  }
}

gsd-2013-5185

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-5185

Aliases

CVE-2013-5185

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5185",
    "description": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.",
    "id": "GSD-2013-5185"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5185"
      ],
      "details": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.",
      "id": "GSD-2013-5185",
      "modified": "2023-12-13T01:22:21.985468Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2013-5185",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2013-10-22-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-5185"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2013-10-22-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-24T23:37Z",
      "publishedDate": "2013-10-24T03:48Z"
    }
  }
}

CERTA-2013-AVI-601

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple OS X Mavericks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Mavericks v10.9

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

fkie_cve-2013-5185

Vulnerability from fkie_nvd

Published

2013-10-24 03:48

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.8.0
apple	mac_os_x	10.8.1
apple	mac_os_x	10.8.2
apple	mac_os_x	10.8.3
apple	mac_os_x	10.8.4
apple	mac_os_x	10.8.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*",
              "matchCriteriaId": "BA9ABDE2-A7F3-4D0B-9BBB-57F27AE14B1D",
              "versionEndIncluding": "10.8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network."
    },
    {
      "lang": "es",
      "value": "El programa de l\u00ednea de comandos ldapsearch en OpenLDAP en Apple Mac OS X anteriores a 10.9 no procesa correctamente la configuraci\u00f3n de minssf, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible aprovech\u00e1ndose de cifrados d\u00e9biles no intencionados y capturando tr\u00e1fico de red."
    }
  ],
  "id": "CVE-2013-5185",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-24T03:48:52.317",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5185 (GCVE-0-2013-5185)

Vulnerability from cvelistv5

ghsa-757p-x3jc-426r

Vulnerability from github

var-201310-0465

Vulnerability from variot

gsd-2013-5185

Vulnerability from gsd

CERTA-2013-AVI-601

Vulnerability from certfr_avis

Solution

fkie_cve-2013-5185

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature