{ "id": "CVE-2014-1266", "sourceIdentifier": "product-security@apple.com", "published": "2014-02-22T17:05:21.767", "lastModified": "2019-03-08T16:06:29.247", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step." }, { "lang": "es", "value": "La funci\u00f3n SSLVerifySignedServerKeyExchange en libsecurity_ssl/lib/sslKeyExchange.c la funcionalidad Secure Transport en el componente Data Security en Apple iOS 6.x anterior a 6.1.6 y 7.x anterior a 7.0.6, Apple TV 6.x anterior a 6.0.2 y Apple OS X 10.9.x anterior a 10.9.2 no comprueba la firma en un mensaje TLS Server Key Exchange, lo que permite a atacantes man-in-the-middle falsificar servidores SSL mediante (1) el uso de una clave privada arbitraria para el paso de la firma o (2) la omisi\u00f3n del paso de la firma." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEE0068D-C699-4646-9658-610409925A79" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "87C215DD-BC98-4283-BF13-69556EF7CB78" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C1C3966E-C136-47A9-B5B4-70613756ED27" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "22AD2A1F-A637-47DE-A69F-DAE4ABDFA4BD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6D398B8-821B-4DE9-ADF1-4983051F964C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0CCE5F2-4D32-404B-BAAC-E64F11BD41FB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D54D4BD4-0C6C-4125-ABC8-9FC1E804E530" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED1FADB5-2390-4F49-A1A3-0B8EAB652ADB" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F241EBFB-CCB3-4D16-B476-AC1578D3C435" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5365205F-B91D-4123-8CFD-EA42E0DEA944" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7F676-5ACC-4330-9591-465CA8AF77AA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FD62141-07B1-4E3D-80BC-25D519F90DBD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9737BD4-B4F4-4291-A1E9-B692ECBC657E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6160869-944D-4E34-BB81-6A1259D692B1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E96F77DD-0962-4E55-97A2-9BC2FE01D8A8" } ] } ] } ], "references": [ { "url": "http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187", "source": "product-security@apple.com" }, { "url": "http://support.apple.com/kb/HT6146", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://support.apple.com/kb/HT6147", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://support.apple.com/kb/HT6148", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://support.apple.com/kb/HT6150", "source": "product-security@apple.com" }, { "url": "https://news.ycombinator.com/item?id=7281378", "source": "product-security@apple.com" }, { "url": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html", "source": "product-security@apple.com" }, { "url": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html", "source": "product-security@apple.com" }, { "url": "https://www.imperialviolet.org/2014/02/22/applebug.html", "source": "product-security@apple.com", "tags": [ "Exploit" ] } ] }