Details of VAR-201508-0109

ID

VAR-201508-0109

CVE

CVE-2015-5754

TITLE

Apple OS X of Install Framework Legacy Component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-004292

DESCRIPTION

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). These issues affect OS X prior to 10.10.5. Install Framework Legacy is one of the installation framework components

Trust: 1.98

sources: NVD: CVE-2015-5754 // JVNDB: JVNDB-2015-004292 // BID: 76340 // VULHUB: VHN-83715

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.4	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.4	Trust: 0.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.4	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	quicktime	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 76340 // JVNDB: JVNDB-2015-004292 // CNNVD: CNNVD-201508-268 // NVD: CVE-2015-5754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5754
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5754
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201508-268
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-83715
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5754
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83715
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83715 // JVNDB: JVNDB-2015-004292 // CNNVD: CNNVD-201508-268 // NVD: CVE-2015-5754

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-83715 // JVNDB: JVNDB-2015-004292 // NVD: CVE-2015-5754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-268

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201508-268

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004292

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-83715

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/en-us/HT205031	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/ja-jp/HT205031	Trust: 0.8

sources: JVNDB: JVNDB-2015-004292

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5754	Trust: 2.8
db:	BID	id:	76340	Trust: 2.0
db:	PACKETSTORM	id:	133550	Trust: 1.1
db:	EXPLOIT-DB	id:	38136	Trust: 1.1
db:	SECTRACK	id:	1033276	Trust: 1.1
db:	JVN	id:	JVNVU94440136	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004292	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-268	Trust: 0.7
db:	ZDI	id:	ZDI-15-390	Trust: 0.3
db:	VULHUB	id:	VHN-83715	Trust: 0.1

sources: VULHUB: VHN-83715 // BID: 76340 // JVNDB: JVNDB-2015-004292 // CNNVD: CNNVD-201508-268 // NVD: CVE-2015-5754

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/76340	Trust: 1.7
url:	https://support.apple.com/kb/ht205031	Trust: 1.7
url:	https://www.exploit-db.com/exploits/38136/	Trust: 1.1
url:	http://packetstormsecurity.com/files/133550/os-x-suid-privilege-escalation.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1033276	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5754	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94440136/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5754	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-390/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00004.html	Trust: 0.3
url:	https://support.apple.com/en-ie/ht205031	Trust: 0.3

sources: VULHUB: VHN-83715 // BID: 76340 // JVNDB: JVNDB-2015-004292 // CNNVD: CNNVD-201508-268 // NVD: CVE-2015-5754

CREDITS

An anonymous researcher working with HP's Zero Day Initiative, Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team, Maxime VILLARD of m00nbsd, Ryan Pentney and Richard Johnson of Cisco Talos, Xiaoyong Wu of the Evernote Security Team, JieTao Yang of KeenTeam

Trust: 0.6

sources: CNNVD: CNNVD-201508-268

SOURCES

db:	VULHUB	id:	VHN-83715
db:	BID	id:	76340
db:	JVNDB	id:	JVNDB-2015-004292
db:	CNNVD	id:	CNNVD-201508-268
db:	NVD	id:	CVE-2015-5754

LAST UPDATE DATE

2024-11-23T20:18:20.595000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83715	date:	2017-09-21T00:00:00
db:	BID	id:	76340	date:	2016-07-05T21:35:00
db:	JVNDB	id:	JVNDB-2015-004292	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-268	date:	2015-08-18T00:00:00
db:	NVD	id:	CVE-2015-5754	date:	2024-11-21T02:33:46.633

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83715	date:	2015-08-17T00:00:00
db:	BID	id:	76340	date:	2015-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-004292	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-268	date:	2015-08-18T00:00:00
db:	NVD	id:	CVE-2015-5754	date:	2015-08-17T00:00:35.267