[VIM] [CVENEW] New CVE CANs: 2013/03/20 10:00 ; count=6

coley at mitre.org
Wed Mar 20 09:04:28 CDT 2013


======================================================
Name: CVE-2012-5938
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5938
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121121
Category: 
Reference: CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21628844
Reference: XF:infosphere-file-priv-esc(80493)
Reference: URL:http://xforce.iss.net/xforce/xfdb/80493

The installation process in IBM InfoSphere Information Server 8.1,
8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and
ownerships for unspecified files, which allows local users to bypass
intended access restrictions via standard filesystem operations.



======================================================
Name: CVE-2013-0977
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130110
Category: 
Reference: CONFIRM:http://support.apple.com/kb/HT5702
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Reference: APPLE:APPLE-SA-2013-03-19-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not
properly manage the state of file loading for Mach-O executable files,
which allows local users to bypass intended code-signing requirements
via a file that contains overlapping segments.



======================================================
Name: CVE-2013-0978
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130110
Category: 
Reference: CONFIRM:http://support.apple.com/kb/HT5702
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Reference: APPLE:APPLE-SA-2013-03-19-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3
and Apple TV before 5.2.1 does not ensure that it has been invoked in
an abort context, which makes it easier for local users to bypass the
ASLR protection mechanism via crafted code.



======================================================
Name: CVE-2013-0979
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130110
Category: 
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly
consider file types during the permission-setting step of a backup
restoration, which allows local users to change the permissions of
arbitrary files via a backup that contains a pathname with a symlink.



======================================================
Name: CVE-2013-0980
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0980
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130110
Category: 
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html

The Passcode Lock implementation in Apple iOS before 6.1.3 does not
properly manage the lock state, which allows physically proximate
attackers to bypass an intended passcode requirement by leveraging an
error in the emergency-call feature.



======================================================
Name: CVE-2013-0981
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130110
Category: 
Reference: CONFIRM:http://support.apple.com/kb/HT5702
Reference: CONFIRM:http://support.apple.com/kb/HT5704
Reference: APPLE:APPLE-SA-2013-03-19-1
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Reference: APPLE:APPLE-SA-2013-03-19-2
Reference: URL:http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html

The IOUSBDeviceFamily driver in the USB implementation in the kernel
in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe
object pointers that originated in userspace, which allows local users
to gain privileges via crafted code.




