Sign-up

ID

VAR-201504-0530


CVE

CVE-2015-3027


TITLE

Apple Xcode Used in LLVM of Clang Vulnerabilities that bypass the stack protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2015-002203

DESCRIPTION

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. Apple Xcode is prone to a local security-bypass vulnerability. A local attacker can leverage this issue to perform unauthorized actions. Versions prior to Apple Xcode 6.3 are vulnerable. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a framework system of a framework compiler (compiler) developed by the LLVM team. A security vulnerability exists in Clang in LLVM used in versions prior to Apple Xcode 6.3 due to incorrect register allocation by the program

Trust: 1.98

sources: NVD: CVE-2015-3027 // JVNDB: JVNDB-2015-002203 // BID: 73987 // VULHUB: VHN-80988

AFFECTED PRODUCTS

vendor:applemodel:xcodescope:lteversion:6.2

Trust: 1.0

vendor:applemodel:xcodescope:eqversion:6.2

Trust: 0.9

vendor:applemodel:xcodescope:ltversion:6.3 (os x yosemite v10.10 or later )

Trust: 0.8

vendor:applemodel:xcodescope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.5

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:xcodescope:neversion:6.3

Trust: 0.3

sources: BID: 73987 // JVNDB: JVNDB-2015-002203 // CNNVD: CNNVD-201504-185 // NVD: CVE-2015-3027

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3027
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3027
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-185
value: MEDIUM

Trust: 0.6

VULHUB: VHN-80988
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3027
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-80988
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-80988 // JVNDB: JVNDB-2015-002203 // CNNVD: CNNVD-201504-185 // NVD: CVE-2015-3027

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-80988 // JVNDB: JVNDB-2015-002203 // NVD: CVE-2015-3027

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-185

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201504-185

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002203

PATCH
title:APPLE-SA-2015-04-08-5 Xcode 6.3url:http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html
Trust: 0.8
title:HT204663url:http://support.apple.com/en-us/HT204663
Trust: 0.8
title:HT204663url:http://support.apple.com/ja-jp/HT204663
Trust: 0.8
title:Xcode_6.3url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54835
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-002203 // 
            
            
            
            CNNVD: CNNVD-201504-185

EXTERNAL IDS
db:NVDid:CVE-2015-3027
Trust: 2.8
db:BIDid:73987
Trust: 1.4
db:SECTRACKid:1032081
Trust: 1.1
db:JVNid:JVNVU91828320
Trust: 0.8
db:JVNDBid:JVNDB-2015-002203
Trust: 0.8
db:CNNVDid:CNNVD-201504-185
Trust: 0.7
db:VULHUBid:VHN-80988
Trust: 0.1
sources:
            
            
            VULHUB: VHN-80988 // 
            
            
            
            BID: 73987 // 
            
            
            
            JVNDB: JVNDB-2015-002203 // 
            
            
            
            CNNVD: CNNVD-201504-185 // 
            
            
            
            NVD: CVE-2015-3027

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/apr/msg00004.html
Trust: 1.7
url:https://support.apple.com/ht204663
Trust: 1.7
url:http://www.securityfocus.com/bid/73987
Trust: 1.1
url:http://www.securitytracker.com/id/1032081
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3027
Trust: 0.8
url:http://jvn.jp/vu/jvnvu91828320/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3027
Trust: 0.8
url:https://developer.apple.com/xcode/
Trust: 0.3
url:https://support.apple.com/en-us/ht204663
Trust: 0.3
sources:
            
            
            VULHUB: VHN-80988 // 
            
            
            
            BID: 73987 // 
            
            
            
            JVNDB: JVNDB-2015-002203 // 
            
            
            
            CNNVD: CNNVD-201504-185 // 
            
            
            
            NVD: CVE-2015-3027

CREDITS
Apple
Trust: 0.3
sources:
            
            
            BID: 73987

SOURCES
db:VULHUBid:VHN-80988
db:BIDid:73987
db:JVNDBid:JVNDB-2015-002203
db:CNNVDid:CNNVD-201504-185
db:NVDid:CVE-2015-3027

LAST UPDATE DATE
2024-08-14T12:14:27.599000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-80988date:2016-12-03T00:00:00
db:BIDid:73987date:2015-05-07T17:35:00
db:JVNDBid:JVNDB-2015-002203date:2015-04-15T00:00:00
db:CNNVDid:CNNVD-201504-185date:2015-04-14T00:00:00
db:NVDid:CVE-2015-3027date:2016-12-03T03:07:58.243

SOURCES RELEASE DATE
db:VULHUBid:VHN-80988date:2015-04-10T00:00:00
db:BIDid:73987date:2015-04-08T00:00:00
db:JVNDBid:JVNDB-2015-002203date:2015-04-15T00:00:00
db:CNNVDid:CNNVD-201504-185date:2015-04-14T00:00:00
db:NVDid:CVE-2015-3027date:2015-04-10T15:00:11.443