Sign-up

ID

VAR-201512-0116


CVE

CVE-2015-7082


TITLE

Apple Xcode Used in Git Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-006364

DESCRIPTION

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. This vulnerability Xcode Relevant only when using.It may be affected unspecified. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. Git is a free and open source distributed version control system developed by American software developer Linus Torvalds. A security vulnerability exists in Git 2.5.3 and earlier versions used in Apple Xcode 7.1.1 and earlier versions. Attackers can exploit this vulnerability to cause unknown effects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-6 Xcode 7.2 Xcode 7.2 is now available and addresses the following: Git Available for: OS X Yosemite v10.10.5 or later Impact: Multiple vulnerabilities existed in Git Description: Multiple vulnerabilities existed in Git versions prior to 2.5.4. These were addressed by updating Git to version 2.5.4. CVE-ID CVE-2015-7082 IDE SCM Available for: OS X Yosemite v10.10.5 or later Impact: Intentionally untracked files may be uploaded to repositories Description: Xcode did not honor the .gitignore directive. This issue was addressed by adding support to honor .gitignore file. CVE-ID CVE-2015-7056 : Stephen Lardieri otools Available for: OS X Yosemite v10.10.5 or later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of mach-o files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team Installation note: Xcode 7.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "7.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzRaAAoJEBcWfLTuOo7td2kP/Ag61Qpz8uA8MgClf9SbFJau FNMDPV7ZOLPPc+DA37rQIwQemSe8dkt4Jnc6TOcTQdR7+f+Mt0QgscDW9xlOlYT4 Ofg5h5XnrKQ02DBkptD4ms5RH8JAHDKCYj8WttlBnBVsJMb6H3s5Om6vfubXkb7t 6bdUMe7iCgRsGuRrBuzPfxjMzh2ilnWML1B6VJkRi6rMnWTW2a66BWvfqLL1Cv2h 1ybIaJi1wsw0lTxGIb+bNM8lg+EL4JLEV+DSJ6mFtDpF6dQBqndbxjopbO5l6LzT rnWtFTQQ1/6SAM11n9bbDOQj8w8QW3v0CAyad4HN+5Ayk/qnuJZ8o1ycSGAIrQgr HCzG8RELjK9ipgkdu5daXUc75SGVPuuwobQM6SNzrg5M6SVzIvVdSibTwfgnDvgu PQO6mBZXLewSBoWqJAQnoDJXExSJ67IE5RzXwvg5KQcF+81Toj48HUxxd98PKrnI gPbhf8QT9/asGupN4wh3JjN73/qm2BwpJsbPvVj42Ew1OnsBgldpEL1Ssl/2qX0O pPi1pfF6PIFQUrbloWyYC+lIJuydb3FZUYKLR6HSn7v7RrZu5n8Uvj+5VX3TyVOi 5WzXvbHd9L3exphb8SnITTUdZX6LzkUgRrQRvGWTzT/AfIHQRAyliyk7BgYRqzHH ObtqW74YB0YXaiw1ckGl =FxUB -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2015-7082 // JVNDB: JVNDB-2015-006364 // BID: 78727 // VULHUB: VHN-85043 // PACKETSTORM: 134747

AFFECTED PRODUCTS

vendor:gitmodel:gitscope:lteversion:2.5.3

Trust: 1.0

vendor:gitmodel:gitscope:eqversion:2.5.3

Trust: 0.9

vendor:gitmodel:gitscope:ltversion:2.5.4

Trust: 0.8

vendor:applemodel:xcodescope:ltversion:7.2 (os x yosemite v10.10.5 or later )

Trust: 0.8

vendor:gitmodel:gitscope:eqversion:2.5.2

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.5.1

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.5

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.2.1

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.2

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.1.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.1.3

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.1

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.0.5

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.0.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:2.0

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.9.5

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.9.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.9

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.8.56

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.7.2

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.6.3.2

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.66

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.65

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.66

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.65

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.6.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.6.3

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.6

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.56

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.55

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.5

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.47

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.46

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.5.24

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.1.5

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.1.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.8.5.5

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.8.5.0

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.8.1.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.8.1.3

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.8

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.7.3.4

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.7.3.3

Trust: 0.3

vendor:gitmodel:gitscope:eqversion:1.4.4.5

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.5

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:gitmodel:gitscope:neversion:2.5.4

Trust: 0.3

vendor:applemodel:xcodescope:neversion:7.2

Trust: 0.3

sources: BID: 78727 // JVNDB: JVNDB-2015-006364 // CNNVD: CNNVD-201512-370 // NVD: CVE-2015-7082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7082
value: HIGH

Trust: 1.0

NVD: CVE-2015-7082
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-370
value: CRITICAL

Trust: 0.6

VULHUB: VHN-85043
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7082
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85043
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85043 // JVNDB: JVNDB-2015-006364 // CNNVD: CNNVD-201512-370 // NVD: CVE-2015-7082

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-7082

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-370

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201512-370

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006364

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-12-08-6 Xcode 7.2url:http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html
Trust: 0.8
title:HT205642url:https://support.apple.com/en-us/HT205642
Trust: 0.8
title:HT205642url:http://support.apple.com/ja-jp/HT205642
Trust: 0.8
title:Git v2.5.4 Release Notesurl:https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt
Trust: 0.8
title:Apple Xcode Git Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59188
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006364 // 
            
            
            
            CNNVD: CNNVD-201512-370

EXTERNAL IDS
db:NVDid:CVE-2015-7082
Trust: 2.9
db:SECTRACKid:1034340
Trust: 1.1
db:JVNid:JVNVU97526033
Trust: 0.8
db:JVNDBid:JVNDB-2015-006364
Trust: 0.8
db:CNNVDid:CNNVD-201512-370
Trust: 0.7
db:AUSCERTid:ESB-2020.2340
Trust: 0.6
db:BIDid:78727
Trust: 0.3
db:VULHUBid:VHN-85043
Trust: 0.1
db:PACKETSTORMid:134747
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85043 // 
            
            
            
            BID: 78727 // 
            
            
            
            JVNDB: JVNDB-2015-006364 // 
            
            
            
            PACKETSTORM: 134747 // 
            
            
            
            CNNVD: CNNVD-201512-370 // 
            
            
            
            NVD: CVE-2015-7082

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/dec/msg00004.html
Trust: 1.1
url:https://github.com/git/git/blob/master/documentation/relnotes/2.5.4.txt
Trust: 1.1
url:https://support.apple.com/ht205642
Trust: 1.1
url:http://www.securitytracker.com/id/1034340
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7082
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97526033/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7082
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2340/
Trust: 0.6
url:http://git.or.cz/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://developer.apple.com/xcode/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2015-7057
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7082
Trust: 0.1
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://gpgtools.org
Trust: 0.1
url:https://developer.apple.com/xcode/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7049
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7056
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85043 // 
            
            
            
            BID: 78727 // 
            
            
            
            JVNDB: JVNDB-2015-006364 // 
            
            
            
            PACKETSTORM: 134747 // 
            
            
            
            CNNVD: CNNVD-201512-370 // 
            
            
            
            NVD: CVE-2015-7082

CREDITS
Stephen Lardieri and Proteas of Qihoo 360 Nirvan Team
Trust: 0.3
sources:
            
            
            BID: 78727

SOURCES
db:VULHUBid:VHN-85043
db:BIDid:78727
db:JVNDBid:JVNDB-2015-006364
db:PACKETSTORMid:134747
db:CNNVDid:CNNVD-201512-370
db:NVDid:CVE-2015-7082

LAST UPDATE DATE
2024-08-14T12:36:04.449000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85043date:2016-12-07T00:00:00
db:BIDid:78727date:2015-12-08T00:00:00
db:JVNDBid:JVNDB-2015-006364date:2015-12-15T00:00:00
db:CNNVDid:CNNVD-201512-370date:2020-07-10T00:00:00
db:NVDid:CVE-2015-7082date:2016-12-07T18:22:28.917

SOURCES RELEASE DATE
db:VULHUBid:VHN-85043date:2015-12-11T00:00:00
db:BIDid:78727date:2015-12-08T00:00:00
db:JVNDBid:JVNDB-2015-006364date:2015-12-15T00:00:00
db:PACKETSTORMid:134747date:2015-12-10T17:11:47
db:CNNVDid:CNNVD-201512-370date:2015-12-14T00:00:00
db:NVDid:CVE-2015-7082date:2015-12-11T11:59:47.580