CVE-2023-41036 - Vulnerability Details - OpenCVE

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Macvim	Macvim

Configuration 1 [-]

cpe:2.3:a:macvim:macvim:*:*:*:*:*:macos:*:*

No data.

References

Link	Providers
https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28
https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h
https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda
https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv

History

Wed, 27 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-09-12T19:48:15.108Z

Updated: 2024-11-27T16:17:52.371Z

Reserved: 2023-08-22T16:57:23.931Z

Link: CVE-2023-41036

Vulnrichment

Updated: 2024-08-02T18:46:11.507Z

NVD

Status : Modified

Published: 2023-11-07T04:20:50.427

Modified: 2024-11-21T08:20:25.713

Link: CVE-2023-41036

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41036", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-22T16:57:23.931Z", "datePublished": "2023-09-12T19:48:15.108Z", "dateUpdated": "2024-11-27T16:17:52.371Z"}, "containers": {"cna": {"title": "Macvim's Insecure Usage of IPC Mechanisms", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv"}, {"name": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda", "tags": ["x_refsource_MISC"], "url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda"}, {"name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28", "tags": ["x_refsource_MISC"], "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28"}, {"name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h", "tags": ["x_refsource_MISC"], "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h"}], "affected": [{"vendor": "macvim-dev", "product": "macvim", "versions": [{"version": "< 178", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T18:07:09.154Z"}, "descriptions": [{"lang": "en", "value": "Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue."}], "source": {"advisory": "GHSA-9jgj-jfwg-99fv", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.507Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv"}, {"name": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda"}, {"name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28"}, {"name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T16:17:43.907973Z", "id": "CVE-2023-41036", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T16:17:52.371Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv", "name": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda", "name": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28", "name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h", "name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.507Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41036", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-27T16:17:43.907973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T16:17:48.548Z"}}], "cna": {"title": "Macvim's Insecure Usage of IPC Mechanisms", "source": {"advisory": "GHSA-9jgj-jfwg-99fv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "macvim-dev", "product": "macvim", "versions": [{"status": "affected", "version": "< 178"}]}], "references": [{"url": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv", "name": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda", "name": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28", "name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h", "name": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-18T18:07:09.154Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41036", "state": "PUBLISHED", "dateUpdated": "2024-11-27T16:17:52.371Z", "dateReserved": "2023-08-22T16:57:23.931Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-09-12T19:48:15.108Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:macvim:macvim:*:*:*:*:*:macos:*:*", "matchCriteriaId": "3F7AD145-4C39-41D1-9400-48E0213E4EA8", "versionEndExcluding": "178", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue."}, {"lang": "es", "value": "Macvim es un editor de texto para MacOS. Antes de la versi\u00f3n 178, Macvim utiliza un mecanismo de Insecure Interprocess Communication (IPC) que podr\u00eda provocar una escalada de privilegios. Los objetos distribuidos son un concepto introducido por Apple que permite que un programa proporcione una interfaz a otro programa. Lo que no queda claro en la documentaci\u00f3n es que este servicio puede vender esta interfaz a cualquier otro programa en la m\u00e1quina. El impacto de la explotaci\u00f3n es una escalada de privilegios a root; esto probablemente afectar\u00e1 a cualquiera que no tenga cuidado con el software que descarga y use MacVim para editar archivos que requerir\u00edan privilegios de root. La versi\u00f3n 178 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2023-41036", "lastModified": "2024-11-21T08:20:25.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-07T04:20:50.427", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28"}, {"source": "security-advisories@github.com", "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMAppController.h#L28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/macvim-dev/macvim/security/advisories/GHSA-9jgj-jfwg-99fv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Secondary"}]}