var-201310-0492
Vulnerability from variot
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. An attacker can exploit this weakness to predict random number values and bypass certain security restrictions. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9. When the srandomdev function cannot access the kernel random number generator, the function will fall back to an alternative method that has been removed during optimization, resulting in a lack of randomness. Attackers can exploit this vulnerability to invalidate the encryption protection mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.3"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
}
],
"sources": [
{
"db": "BID",
"id": "63347"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xi Wang",
"sources": [
{
"db": "BID",
"id": "63347"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-5180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-65182",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5180",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5180",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-591",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65182",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65182"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. \nAn attacker can exploit this weakness to predict random number values and bypass certain security restrictions. \nNote: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. \nMac OS X versions prior to 10.9. When the srandomdev function cannot access the kernel random number generator, the function will fall back to an alternative method that has been removed during optimization, resulting in a lack of randomness. Attackers can exploit this vulnerability to invalidate the encryption protection mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5180"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "BID",
"id": "63347"
},
{
"db": "VULHUB",
"id": "VHN-65182"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5180",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU95174988",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-591",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2013-10-22-3",
"trust": 0.6
},
{
"db": "BID",
"id": "63347",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-65182",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65182"
},
{
"db": "BID",
"id": "63347"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"id": "VAR-201310-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-65182"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:14:02.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2013-10-22-3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"title": "HT6011",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6011"
},
{
"title": "HT6011",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6011?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65182"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5180"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95174988/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5180"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65182"
},
{
"db": "BID",
"id": "63347"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-65182"
},
{
"db": "BID",
"id": "63347"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-65182"
},
{
"date": "2013-10-22T00:00:00",
"db": "BID",
"id": "63347"
},
{
"date": "2013-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"date": "2013-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"date": "2013-10-24T03:48:52.223000",
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-65182"
},
{
"date": "2013-10-22T00:00:00",
"db": "BID",
"id": "63347"
},
{
"date": "2013-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004847"
},
{
"date": "2013-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-591"
},
{
"date": "2024-11-21T01:57:09.980000",
"db": "NVD",
"id": "CVE-2013-5180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of Libc of srandomdev Vulnerability that breaks cryptographic protection mechanisms in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004847"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-591"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…