ID

VAR-201512-0136


CVE

CVE-2015-7110


TITLE

Privilege escalation vulnerability in the Disk Images component of Apple OS X and tvOS

Trust: 0.8

sources: JVNDB: JVNDB-2015-006320

DESCRIPTION

The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. Apple Mac OS X and tvOS are prone to multiple security bypass and memory corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Both Apple iOS and tvOS are products of Apple Inc. in the United States. The former is an operating system developed for mobile devices. The latter is a smart TV operating system. Disk Images is one of the disk image format components

Trust: 1.98

sources: NVD: CVE-2015-7110 // JVNDB: JVNDB-2015-006320 // BID: 78733 // VULHUB: VHN-85071

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.11.1

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.11.1

Trust: 1.0

vendor: apple, model: iphone os, scope: lte, version: 9.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.11

Trust: 0.8

vendor: apple, model: tvos, scope: lt, version: 9.1 (apple tv first 4 generation)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 9.1

Trust: 0.6

vendor: apple, model: tvos, scope: eq, version: 9.0

Trust: 0.3

vendor: apple, model: tv, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11

Trust: 0.3

vendor: apple, model: tvos, scope: ne, version: 9.1

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.11.2

Trust: 0.3

vendor: apple, model: mac os security update, scope: ne, version: x2015

Trust: 0.3

sources: BID: 78733 // JVNDB: JVNDB-2015-006320 // CNNVD: CNNVD-201512-390 // NVD: CVE-2015-7110

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-7110
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7110
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-390
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85071
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-7110
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85071
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85071 // JVNDB: JVNDB-2015-006320 // CNNVD: CNNVD-201512-390 // NVD: CVE-2015-7110

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-85071 // JVNDB: JVNDB-2015-006320 // NVD: CVE-2015-7110

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201512-390

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201512-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006320

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-85071

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008, url: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Trust: 0.8

title: APPLE-SA-2015-12-08-2 tvOS 9.1, url: http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

Trust: 0.8

title: HT205640, url: https://support.apple.com/en-us/HT205640

Trust: 0.8

title: HT205637, url: https://support.apple.com/en-us/HT205637

Trust: 0.8

title: HT205640, url: http://support.apple.com/ja-jp/HT205640

Trust: 0.8

title: HT205637, url: http://support.apple.com/ja-jp/HT205637

Trust: 0.8

title: Fixes for Apple iOS and tvOS Disk Images component buffer overflow vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59208

Trust: 0.6

sources: JVNDB: JVNDB-2015-006320 // CNNVD: CNNVD-201512-390

EXTERNAL IDS

db: NVD, id: CVE-2015-7110

Trust: 2.8

db: SECTRACK, id: 1034344

Trust: 1.1

db: EXPLOIT-DB, id: 39365

Trust: 1.1

db: JVN, id: JVNVU97526033

Trust: 0.8

db: JVNDB, id: JVNDB-2015-006320

Trust: 0.8

db: CNNVD, id: CNNVD-201512-390

Trust: 0.7

db: BID, id: 78733

Trust: 0.3

db: PACKETSTORM, id: 135437

Trust: 0.1

db: VULHUB, id: VHN-85071

Trust: 0.1

sources: VULHUB: VHN-85071 // BID: 78733 // JVNDB: JVNDB-2015-006320 // CNNVD: CNNVD-201512-390 // NVD: CVE-2015-7110

REFERENCES

url: http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html

Trust: 1.7

url: http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html

Trust: 1.7

url: https://support.apple.com/ht205637

Trust: 1.7

url: https://support.apple.com/ht205640

Trust: 1.7

url: https://www.exploit-db.com/exploits/39365/

Trust: 1.1

url: http://www.securitytracker.com/id/1034344

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7110

Trust: 0.8

url: http://jvn.jp/vu/jvnvu97526033/

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7110

Trust: 0.8

url: http://www.apple.com/accessibility/tvos/

Trust: 0.3

url: http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-85071 // BID: 78733 // JVNDB: JVNDB-2015-006320 // CNNVD: CNNVD-201512-390 // NVD: CVE-2015-7110

CREDITS

Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xia

Trust: 0.3

sources: BID: 78733

SOURCES

db: VULHUB, id: VHN-85071
db: BID, id: 78733
db: JVNDB, id: JVNDB-2015-006320
db: CNNVD, id: CNNVD-201512-390
db: NVD, id: CVE-2015-7110

LAST UPDATE DATE

2024-11-23T20:32:12.960000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-85071, date: 2017-09-13T00:00:00
db: BID, id: 78733, date: 2015-12-08T00:00:00
db: JVNDB, id: JVNDB-2015-006320, date: 2015-12-15T00:00:00
db: CNNVD, id: CNNVD-201512-390, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-7110, date: 2024-11-21T02:36:14.717

SOURCES RELEASE DATE

db: VULHUB, id: VHN-85071, date: 2015-12-11T00:00:00
db: BID, id: 78733, date: 2015-12-08T00:00:00
db: JVNDB, id: JVNDB-2015-006320, date: 2015-12-15T00:00:00
db: CNNVD, id: CNNVD-201512-390, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-7110, date: 2015-12-11T12:00:07.167