Details of VAR-201504-0134

ID

VAR-201504-0134

CVE

CVE-2015-1118

TITLE

plural Apple Product libnetcore Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002162

DESCRIPTION

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. Apple TV/Mac OS X/iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, conduct phishing attacks and perform other attacks. Failed attacks may cause denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2015-1118 // JVNDB: JVNDB-2015-002162 // BID: 73981 // VULHUB: VHN-79078

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	7.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.2	Trust: 0.8
vendor:	apple	model:	tv	scope:	lt	version:	7.2 (apple tv first 3 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	7.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.2	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 73981 // JVNDB: JVNDB-2015-002162 // CNNVD: CNNVD-201504-143 // NVD: CVE-2015-1118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1118
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1118
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-143
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79078
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1118
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79078
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79078 // JVNDB: JVNDB-2015-002162 // CNNVD: CNNVD-201504-143 // NVD: CVE-2015-1118

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-1118

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-143

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201504-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002162

PATCH

title:	APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Trust: 0.8
title:	APPLE-SA-2015-04-08-4 Apple TV 7.2	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Trust: 0.8
title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	HT204662	url:	http://support.apple.com/en-us/HT204662	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204659	url:	http://support.apple.com/en-us/HT204659	Trust: 0.8
title:	HT204662	url:	http://support.apple.com/ja-jp/HT204662	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8
title:	HT204659	url:	http://support.apple.com/ja-jp/HT204659	Trust: 0.8

sources: JVNDB: JVNDB-2015-002162

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1118	Trust: 2.8
db:	SECTRACK	id:	1032048	Trust: 1.7
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002162	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-143	Trust: 0.7
db:	BID	id:	73981	Trust: 0.3
db:	VULHUB	id:	VHN-79078	Trust: 0.1

sources: VULHUB: VHN-79078 // BID: 73981 // JVNDB: JVNDB-2015-002162 // CNNVD: CNNVD-201504-143 // NVD: CVE-2015-1118

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html	Trust: 1.7
url:	https://support.apple.com/ht204659	Trust: 1.7
url:	https://support.apple.com/ht204661	Trust: 1.7
url:	https://support.apple.com/ht204662	Trust: 1.7
url:	http://www.securitytracker.com/id/1032048	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1118	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1118	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/appletv/features.html	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-79078 // BID: 73981 // JVNDB: JVNDB-2015-002162 // CNNVD: CNNVD-201504-143 // NVD: CVE-2015-1118

CREDITS

lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco, Ilja van Sprundel of IOActive, Mark Mentovai of Google Inc, Zimperium Mobile Security Labs, Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab, Maxime Villard of m00nbsd, lokihardt@ASRT

Trust: 0.3

sources: BID: 73981

SOURCES

db:	VULHUB	id:	VHN-79078
db:	BID	id:	73981
db:	JVNDB	id:	JVNDB-2015-002162
db:	CNNVD	id:	CNNVD-201504-143
db:	NVD	id:	CVE-2015-1118

LAST UPDATE DATE

2024-11-23T20:10:04.272000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79078	date:	2019-03-08T00:00:00
db:	BID	id:	73981	date:	2015-07-15T00:04:00
db:	JVNDB	id:	JVNDB-2015-002162	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-143	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2015-1118	date:	2024-11-21T02:24:42.613

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79078	date:	2015-04-10T00:00:00
db:	BID	id:	73981	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002162	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-143	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1118	date:	2015-04-10T14:59:32.513