Details of VAR-201508-0442

ID

VAR-201508-0442

CVE

CVE-2015-3796

TITLE

Apple iOS and OS X of Libc of TRE Vulnerability to execute arbitrary code in library

Trust: 0.8

sources: JVNDB: JVNDB-2015-004235

DESCRIPTION

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798. Apple Mac OS X and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States. libc is one of the ANSI C function libraries

Trust: 1.98

sources: NVD: CVE-2015-3796 // JVNDB: JVNDB-2015-004235 // BID: 76343 // VULHUB: VHN-81757

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.4	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.4	Trust: 0.6
vendor:	apple	model:	keynote	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	keynote	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	keynote	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.72	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 76343 // JVNDB: JVNDB-2015-004235 // CNNVD: CNNVD-201508-314 // NVD: CVE-2015-3796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3796
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3796
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201508-314
value:	HIGH
Trust: 0.6
VULHUB:	VHN-81757
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3796
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-81757
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81757 // JVNDB: JVNDB-2015-004235 // CNNVD: CNNVD-201508-314 // NVD: CVE-2015-3796

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81757 // JVNDB: JVNDB-2015-004235 // NVD: CVE-2015-3796

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-314

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201508-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004235

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81757

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-08-13-3 iOS 8.4.1	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/en-us/HT205030	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/en-us/HT205031	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/ja-jp/HT205030	Trust: 0.8
title:	HT205031	url:	http://support.apple.com/ja-jp/HT205031	Trust: 0.8
title:	osxupd10.10.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197	Trust: 0.6
title:	iPhone7,1_8.4.1_12H321_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198	Trust: 0.6

sources: JVNDB: JVNDB-2015-004235 // CNNVD: CNNVD-201508-314

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3796	Trust: 2.9
db:	BID	id:	76343	Trust: 2.0
db:	EXPLOIT-DB	id:	38263	Trust: 1.1
db:	SECTRACK	id:	1033275	Trust: 1.1
db:	JVN	id:	JVNVU94440136	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004235	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-314	Trust: 0.7
db:	PACKETSTORM	id:	133660	Trust: 0.2
db:	VULHUB	id:	VHN-81757	Trust: 0.1

sources: VULHUB: VHN-81757 // BID: 76343 // JVNDB: JVNDB-2015-004235 // PACKETSTORM: 133660 // CNNVD: CNNVD-201508-314 // NVD: CVE-2015-3796

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/76343	Trust: 1.7
url:	https://support.apple.com/kb/ht205030	Trust: 1.7
url:	https://support.apple.com/kb/ht205031	Trust: 1.7
url:	https://www.exploit-db.com/exploits/38263/	Trust: 1.1
url:	http://www.securitytracker.com/id/1033275	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3796	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94440136/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3796	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-us/ht205221	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3796	Trust: 0.1

sources: VULHUB: VHN-81757 // BID: 76343 // JVNDB: JVNDB-2015-004235 // PACKETSTORM: 133660 // CNNVD: CNNVD-201508-314 // NVD: CVE-2015-3796

CREDITS

Apple, TaiG Jailbreak Team, Michal Zalewski, John Villamil (@day6reak) from Yahoo Pentest Team, Ilja van Sprundel, Ian Beer of Google Project Zero, Frank Graziano of the Yahoo Pentest Team, Lufeng Li of Qihoo 360, Mathew Rowley, Bruno Morisson of INTEGRIT S.A.

Trust: 0.6

sources: CNNVD: CNNVD-201508-314

SOURCES

db:	VULHUB	id:	VHN-81757
db:	BID	id:	76343
db:	JVNDB	id:	JVNDB-2015-004235
db:	PACKETSTORM	id:	133660
db:	CNNVD	id:	CNNVD-201508-314
db:	NVD	id:	CVE-2015-3796

LAST UPDATE DATE

2024-11-23T20:01:28.154000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81757	date:	2017-09-16T00:00:00
db:	BID	id:	76343	date:	2016-07-06T13:27:00
db:	JVNDB	id:	JVNDB-2015-004235	date:	2015-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201508-314	date:	2015-08-21T00:00:00
db:	NVD	id:	CVE-2015-3796	date:	2024-11-21T02:29:52.513

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81757	date:	2015-08-17T00:00:00
db:	BID	id:	76343	date:	2015-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-004235	date:	2015-08-21T00:00:00
db:	PACKETSTORM	id:	133660	date:	2015-09-23T00:03:33
db:	CNNVD	id:	CNNVD-201508-314	date:	2015-08-18T00:00:00
db:	NVD	id:	CVE-2015-3796	date:	2015-08-17T00:00:10.407