CVE-2014-1266
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
Published at
2014-02-22T17:05Z
3725 days ago
Modified
2019-03-08T16:06Z
1885 days ago
CWE-20
Problem type
References
| URL | Type |
|---|---|
| support.apple.com http://support.apple.com/kb/HT6148 | CONFIRM |
| support.apple.com http://support.apple.com/kb/HT6146 | CONFIRM |
| it.slashdot.org http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187 | MISC |
| support.apple.com http://support.apple.com/kb/HT6147 | CONFIRM |
| www.imperialviolet.org https://www.imperialviolet.org/2014/02/22/applebug.html | MISC |
| news.ycombinator.com https://news.ycombinator.com/item?id=7281378 | MISC |
| www.cs.columbia.edu https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html | MISC |
| www.cs.columbia.edu https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html | MISC |
| support.apple.com http://support.apple.com/kb/HT6150 | CONFIRM |
GET https://vulnerabilitydata.com/api/details/CVE-2014-1266
{
"id": "CVE-2014-1266",
"published_date": "2014-02-22T17:05Z",
"last_modified_date": "2019-03-08T16:06Z",
"assigner": "product-security@apple.com",
"description": "The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.",
"references": [
{
"url": "http://support.apple.com/kb/HT6148",
"name": "http://support.apple.com/kb/HT6148",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://support.apple.com/kb/HT6146",
"name": "http://support.apple.com/kb/HT6146",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187",
"name": "http://it.slashdot.org/comments.pl?sid=4821073&cid=46310187",
"refsource": "MISC",
"tags": []
},
{
"url": "http://support.apple.com/kb/HT6147",
"name": "http://support.apple.com/kb/HT6147",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.imperialviolet.org/2014/02/22/applebug.html",
"name": "https://www.imperialviolet.org/2014/02/22/applebug.html",
"refsource": "MISC",
"tags": [
"Exploit"
]
},
{
"url": "https://news.ycombinator.com/item?id=7281378",
"name": "https://news.ycombinator.com/item?id=7281378",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html",
"name": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html",
"refsource": "MISC",
"tags": []
},
{
"url": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html",
"name": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html",
"refsource": "MISC",
"tags": []
},
{
"url": "http://support.apple.com/kb/HT6150",
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"tags": []
}
],
"impact": {
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.8
},
"severity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"problem_type": "CWE-20"
}