Details of VAR-201507-0398

ID

VAR-201507-0398

CVE

CVE-2015-3704

TITLE

Apple OS X of Install Framework Legacy Subsystem vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-003416

DESCRIPTION

runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. Apple for Mac computers. The vulnerability stems from the fact that the program does not lower permissions correctly

Trust: 2.07

sources: NVD: CVE-2015-3704 // JVNDB: JVNDB-2015-003416 // BID: 75493 // VULHUB: VHN-81665 // VULMON: CVE-2015-3704

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.3	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.3	Trust: 0.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.4	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7	Trust: 0.3

sources: BID: 75493 // JVNDB: JVNDB-2015-003416 // CNNVD: CNNVD-201507-065 // NVD: CVE-2015-3704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3704
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3704
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201507-065
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-81665
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-3704
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3704
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81665
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81665 // VULMON: CVE-2015-3704 // JVNDB: JVNDB-2015-003416 // CNNVD: CNNVD-201507-065 // NVD: CVE-2015-3704

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-81665 // JVNDB: JVNDB-2015-003416 // NVD: CVE-2015-3704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-065

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201507-065

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003416

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81665 // VULMON: CVE-2015-3704

PATCH

title:	APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/en-us/HT204942	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/ja-jp/HT204942	Trust: 0.8
title:	osxupd10.10.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516	Trust: 0.6
title:	quicktime7.7.7_installer	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517	Trust: 0.6
title:	iPhone7,1_8.4_12H143_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515	Trust: 0.6
title:	Apple: OS X Yosemite v10.10.4 and Security Update 2015-005	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211	Trust: 0.1

sources: VULMON: CVE-2015-3704 // JVNDB: JVNDB-2015-003416 // CNNVD: CNNVD-201507-065

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3704	Trust: 2.9
db:	BID	id:	75493	Trust: 1.5
db:	EXPLOIT-DB	id:	38138	Trust: 1.2
db:	SECTRACK	id:	1032760	Trust: 1.2
db:	PACKETSTORM	id:	133547	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-003416	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-065	Trust: 0.7
db:	VULHUB	id:	VHN-81665	Trust: 0.1
db:	VULMON	id:	CVE-2015-3704	Trust: 0.1

sources: VULHUB: VHN-81665 // VULMON: CVE-2015-3704 // BID: 75493 // JVNDB: JVNDB-2015-003416 // CNNVD: CNNVD-201507-065 // NVD: CVE-2015-3704

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html	Trust: 1.8
url:	http://support.apple.com/kb/ht204942	Trust: 1.8
url:	https://www.exploit-db.com/exploits/38138/	Trust: 1.3
url:	http://www.securityfocus.com/bid/75493	Trust: 1.2
url:	http://packetstormsecurity.com/files/133547/os-x-privilege-escalation.html	Trust: 1.2
url:	http://www.securitytracker.com/id/1032760	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3704	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3704	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39581	Trust: 0.1

sources: VULHUB: VHN-81665 // VULMON: CVE-2015-3704 // BID: 75493 // JVNDB: JVNDB-2015-003416 // CNNVD: CNNVD-201507-065 // NVD: CVE-2015-3704

CREDITS

Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP's Zero Day Initiative, Pawel Wylecial working with HP's Zero Day Initiative, John Villamil (@day6rea

Trust: 0.3

sources: BID: 75493

SOURCES

db:	VULHUB	id:	VHN-81665
db:	VULMON	id:	CVE-2015-3704
db:	BID	id:	75493
db:	JVNDB	id:	JVNDB-2015-003416
db:	CNNVD	id:	CNNVD-201507-065
db:	NVD	id:	CVE-2015-3704

LAST UPDATE DATE

2024-11-23T20:20:20.657000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81665	date:	2017-09-22T00:00:00
db:	VULMON	id:	CVE-2015-3704	date:	2017-09-22T00:00:00
db:	BID	id:	75493	date:	2015-07-15T00:57:00
db:	JVNDB	id:	JVNDB-2015-003416	date:	2015-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201507-065	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-3704	date:	2024-11-21T02:29:40.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81665	date:	2015-07-03T00:00:00
db:	VULMON	id:	CVE-2015-3704	date:	2015-07-03T00:00:00
db:	BID	id:	75493	date:	2015-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-003416	date:	2015-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201507-065	date:	2015-07-03T00:00:00
db:	NVD	id:	CVE-2015-3704	date:	2015-07-03T01:59:57.383