Details of VAR-201510-0069

ID

VAR-201510-0069

CVE

CVE-2015-5889

TITLE

Apple OS X of remote_cmds Component rsh In root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-005154

DESCRIPTION

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11

Trust: 2.07

sources: NVD: CVE-2015-5889 // JVNDB: JVNDB-2015-005154 // BID: 76908 // VULHUB: VHN-83850 // VULMON: CVE-2015-5889

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005154 // CNNVD: CNNVD-201510-105 // NVD: CVE-2015-5889

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5889
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5889
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201510-105
value:	HIGH
Trust: 0.6
VULHUB:	VHN-83850
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-5889
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5889
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83850
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83850 // VULMON: CVE-2015-5889 // JVNDB: JVNDB-2015-005154 // CNNVD: CNNVD-201510-105 // NVD: CVE-2015-5889

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-83850 // JVNDB: JVNDB-2015-005154 // NVD: CVE-2015-5889

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-105

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-105

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005154

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-83850 // VULMON: CVE-2015-5889

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1
title:	Root-MacOS	url:	https://github.com/TH3-HUNT3R/Root-MacOS	Trust: 0.1
title:	rootOS	url:	https://github.com/thehappydinoa/rootOS	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/mac-linux-attack-finspy/159607/	Trust: 0.1

sources: VULMON: CVE-2015-5889 // JVNDB: JVNDB-2015-005154

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5889	Trust: 2.9
db:	BID	id:	76908	Trust: 1.5
db:	EXPLOIT-DB	id:	38371	Trust: 1.2
db:	EXPLOIT-DB	id:	38540	Trust: 1.2
db:	PACKETSTORM	id:	133826	Trust: 1.2
db:	PACKETSTORM	id:	134087	Trust: 1.2
db:	SECTRACK	id:	1033703	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005154	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-105	Trust: 0.7
db:	VULHUB	id:	VHN-83850	Trust: 0.1
db:	VULMON	id:	CVE-2015-5889	Trust: 0.1

sources: VULHUB: VHN-83850 // VULMON: CVE-2015-5889 // BID: 76908 // JVNDB: JVNDB-2015-005154 // CNNVD: CNNVD-201510-105 // NVD: CVE-2015-5889

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.8
url:	https://support.apple.com/ht205267	Trust: 1.8
url:	https://www.exploit-db.com/exploits/38540/	Trust: 1.3
url:	http://www.securityfocus.com/bid/76908	Trust: 1.2
url:	https://www.exploit-db.com/exploits/38371/	Trust: 1.2
url:	http://seclists.org/fulldisclosure/2015/oct/5	Trust: 1.2
url:	http://packetstormsecurity.com/files/133826/issetugid-rsh-libmalloc-os-x-local-root.html	Trust: 1.2
url:	http://packetstormsecurity.com/files/134087/mac-os-x-10.9.5-10.10.5-rsh-libmalloc-privilege-escalation.html	Trust: 1.2
url:	http://www.rapid7.com/db/modules/exploit/osx/local/rsh_libmalloc	Trust: 1.2
url:	http://www.securitytracker.com/id/1033703	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5889	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5889	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-in/ht205267	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/mac-linux-attack-finspy/159607/	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-iohidfamily-cve-2015-5866	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83850 // VULMON: CVE-2015-5889 // BID: 76908 // JVNDB: JVNDB-2015-005154 // CNNVD: CNNVD-201510-105 // NVD: CVE-2015-5889

CREDITS

Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of

Trust: 0.3

sources: BID: 76908

SOURCES

db:	VULHUB	id:	VHN-83850
db:	VULMON	id:	CVE-2015-5889
db:	BID	id:	76908
db:	JVNDB	id:	JVNDB-2015-005154
db:	CNNVD	id:	CNNVD-201510-105
db:	NVD	id:	CVE-2015-5889

LAST UPDATE DATE

2024-11-23T20:24:16.978000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83850	date:	2016-12-24T00:00:00
db:	VULMON	id:	CVE-2015-5889	date:	2016-12-24T00:00:00
db:	BID	id:	76908	date:	2015-12-08T22:02:00
db:	JVNDB	id:	JVNDB-2015-005154	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-105	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5889	date:	2024-11-21T02:34:04.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83850	date:	2015-10-09T00:00:00
db:	VULMON	id:	CVE-2015-5889	date:	2015-10-09T00:00:00
db:	BID	id:	76908	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005154	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-105	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5889	date:	2015-10-09T05:59:23.267