ID

VAR-201512-0116


CVE

CVE-2015-7082


TITLE

Vulnerability in Git as Used in Apple Xcode

Trust: 0.8

sources: JVNDB: JVNDB-2015-006364

DESCRIPTION

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. This vulnerability is relevant only when using Xcode. Systems may be affected in unspecified ways.

Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition.

Apple Xcode is an integrated development environment provided by Apple to developers. It is mainly used to develop applications for Mac OS X and iOS. Git is a free and open source distributed version control system developed by American software developer Linus Torvalds. A security vulnerability exists in Git 2.5.3 and earlier versions used in Apple Xcode 7.1.1 and earlier versions. Attackers can exploit this vulnerability to cause unknown effects.

APPLE-SA-2015-12-08-6 Xcode 7.2

Xcode 7.2 is now available and addresses the following:

Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082

IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to repositories
Description: Xcode did not honor the .gitignore directive. This issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri

otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of mach-o files. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team

Installation note:

Xcode 7.2 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2015-7082 // JVNDB: JVNDB-2015-006364 // BID: 78727 // VULHUB: VHN-85043 // PACKETSTORM: 134747

AFFECTED PRODUCTS

vendor: git | model: git | scope: lte | version: 2.5.3

Trust: 1.0

vendor: git | model: git | scope: eq | version: 2.5.3

Trust: 0.9

vendor: git | model: git | scope: lt | version: 2.5.4

Trust: 0.8

vendor: apple | model: xcode | scope: lt | version: 7.2 (os x yosemite v10.10.5 or later)

Trust: 0.8

vendor: git | model: git | scope: eq | version: 2.5.2

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.5.1

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.5

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.2.1

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.2

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.1.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.1.3

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.1

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.0.5

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.0.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 2.0

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.9.5

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.9.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.9

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.8.56

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.7.2

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.6.3.2

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.66

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.65

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.66

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.65

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.6.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.6.3

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.6

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.56

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.55

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.5

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.47

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.46

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.5.24

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.1.5

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.1.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.8.5.5

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.8.5.0

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.8.1.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.8.1.3

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.8

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.7.3.4

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.7.3.3

Trust: 0.3

vendor: git | model: git | scope: eq | version: 1.4.4.5

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 6.0.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 2.4.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 7.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 7.0

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 6.3

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 6.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 6.0

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 5.0

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.4

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.3.3

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.3.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.3.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.3

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.2.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.1.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.0.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.0.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 4.0

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.2.5

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.2.4

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.2.3

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.2.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.2.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.1.4

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.1.3

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.1.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.1.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 3.0

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 2.3

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 2.2

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 2.1

Trust: 0.3

vendor: apple | model: xcode | scope: eq | version: 2.0

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.11.1

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.10.5

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.11

Trust: 0.3

vendor: git | model: git | scope: ne | version: 2.5.4

Trust: 0.3

vendor: apple | model: xcode | scope: ne | version: 7.2

Trust: 0.3

sources: BID: 78727 // JVNDB: JVNDB-2015-006364 // CNNVD: CNNVD-201512-370 // NVD: CVE-2015-7082

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7082
value: HIGH

Trust: 1.0

NVD: CVE-2015-7082
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-370
value: CRITICAL

Trust: 0.6

VULHUB: VHN-85043
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7082
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85043
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85043 // JVNDB: JVNDB-2015-006364 // CNNVD: CNNVD-201512-370 // NVD: CVE-2015-7082

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-7082

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-370

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201512-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006364

PATCH

title: Apple security updates | url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-12-08-6 Xcode 7.2 | url: http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html

Trust: 0.8

title: HT205642 | url: https://support.apple.com/en-us/HT205642

Trust: 0.8

title: HT205642 | url: http://support.apple.com/ja-jp/HT205642

Trust: 0.8

title: Git v2.5.4 Release Notes | url: https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt

Trust: 0.8

title: Apple Xcode Git Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59188

Trust: 0.6

sources: JVNDB: JVNDB-2015-006364 // CNNVD: CNNVD-201512-370

EXTERNAL IDS

db: NVD | id: CVE-2015-7082

Trust: 2.9

db: SECTRACK | id: 1034340

Trust: 1.1

db: JVN | id: JVNVU97526033

Trust: 0.8

db: JVNDB | id: JVNDB-2015-006364

Trust: 0.8

db: CNNVD | id: CNNVD-201512-370

Trust: 0.7

db: AUSCERT | id: ESB-2020.2340

Trust: 0.6

db: BID | id: 78727

Trust: 0.3

db: VULHUB | id: VHN-85043

Trust: 0.1

db: PACKETSTORM | id: 134747

Trust: 0.1

sources: VULHUB: VHN-85043 // BID: 78727 // JVNDB: JVNDB-2015-006364 // PACKETSTORM: 134747 // CNNVD: CNNVD-201512-370 // NVD: CVE-2015-7082

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/dec/msg00004.html

Trust: 1.1

url:https://github.com/git/git/blob/master/documentation/relnotes/2.5.4.txt

Trust: 1.1

url:https://support.apple.com/ht205642

Trust: 1.1

url:http://www.securitytracker.com/id/1034340

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7082

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97526033/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7082

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2340/

Trust: 0.6

url:http://git.or.cz/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://developer.apple.com/xcode/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7082

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7049

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7056

Trust: 0.1

sources: VULHUB: VHN-85043 // BID: 78727 // JVNDB: JVNDB-2015-006364 // PACKETSTORM: 134747 // CNNVD: CNNVD-201512-370 // NVD: CVE-2015-7082

CREDITS

Stephen Lardieri and Proteas of Qihoo 360 Nirvan Team

Trust: 0.3

sources: BID: 78727

SOURCES

db: VULHUB | id: VHN-85043
db: BID | id: 78727
db: JVNDB | id: JVNDB-2015-006364
db: PACKETSTORM | id: 134747
db: CNNVD | id: CNNVD-201512-370
db: NVD | id: CVE-2015-7082

LAST UPDATE DATE

2024-08-14T12:36:04.449000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-85043 | date: 2016-12-07T00:00:00
db: BID | id: 78727 | date: 2015-12-08T00:00:00
db: JVNDB | id: JVNDB-2015-006364 | date: 2015-12-15T00:00:00
db: CNNVD | id: CNNVD-201512-370 | date: 2020-07-10T00:00:00
db: NVD | id: CVE-2015-7082 | date: 2016-12-07T18:22:28.917

SOURCES RELEASE DATE

db: VULHUB | id: VHN-85043 | date: 2015-12-11T00:00:00
db: BID | id: 78727 | date: 2015-12-08T00:00:00
db: JVNDB | id: JVNDB-2015-006364 | date: 2015-12-15T00:00:00
db: PACKETSTORM | id: 134747 | date: 2015-12-10T17:11:47
db: CNNVD | id: CNNVD-201512-370 | date: 2015-12-14T00:00:00
db: NVD | id: CVE-2015-7082 | date: 2015-12-11T11:59:47.580