Sign-up

ID

VAR-201507-0403


CVE

CVE-2015-3709


TITLE

Apple OS X of KEXT Vulnerability in tools that circumvents the requirement to sign kernel extensions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003411

DESCRIPTION

Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. kext tools is one of the kernel extensions, running on the core base of the system. A local attacker could exploit this vulnerability to load unsigned kernel extensions

Trust: 2.07

sources: NVD: CVE-2015-3709 // JVNDB: JVNDB-2015-003411 // BID: 75493 // VULHUB: VHN-81670 // VULMON: CVE-2015-3709

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10 to 10.10.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.3

Trust: 0.6

vendor:applemodel:quicktimescope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.3.4

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktimescope:eqversion:7

Trust: 0.3

sources: BID: 75493 // JVNDB: JVNDB-2015-003411 // CNNVD: CNNVD-201507-070 // NVD: CVE-2015-3709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3709
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3709
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-070
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81670
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3709
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81670
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81670 // VULMON: CVE-2015-3709 // JVNDB: JVNDB-2015-003411 // CNNVD: CNNVD-201507-070 // NVD: CVE-2015-3709

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-81670 // JVNDB: JVNDB-2015-003411 // NVD: CVE-2015-3709

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201507-070

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201507-070

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003411

PATCH
title:APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005url:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Trust: 0.8
title:HT204942url:http://support.apple.com/en-us/HT204942
Trust: 0.8
title:HT204942url:http://support.apple.com/ja-jp/HT204942
Trust: 0.8
title:osxupd10.10.4url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516
Trust: 0.6
title:quicktime7.7.7_installerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517
Trust: 0.6
title:iPhone7,1_8.4_12H143_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515
Trust: 0.6
title:Apple: OS X Yosemite v10.10.4 and Security Update 2015-005url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-3709 // 
            
            
            
            JVNDB: JVNDB-2015-003411 // 
            
            
            
            CNNVD: CNNVD-201507-070

EXTERNAL IDS
db:NVDid:CVE-2015-3709
Trust: 2.9
db:BIDid:75493
Trust: 1.5
db:SECTRACKid:1032760
Trust: 1.2
db:JVNDBid:JVNDB-2015-003411
Trust: 0.8
db:CNNVDid:CNNVD-201507-070
Trust: 0.7
db:VULHUBid:VHN-81670
Trust: 0.1
db:VULMONid:CVE-2015-3709
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81670 // 
            
            
            
            VULMON: CVE-2015-3709 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003411 // 
            
            
            
            CNNVD: CNNVD-201507-070 // 
            
            
            
            NVD: CVE-2015-3709

REFERENCES
url:http://support.apple.com/kb/ht204942
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html
Trust: 1.8
url:http://www.securityfocus.com/bid/75493
Trust: 1.2
url:http://www.securitytracker.com/id/1032760
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3709
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3709
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/362.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39581
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81670 // 
            
            
            
            VULMON: CVE-2015-3709 // 
            
            
            
            BID: 75493 // 
            
            
            
            JVNDB: JVNDB-2015-003411 // 
            
            
            
            CNNVD: CNNVD-201507-070 // 
            
            
            
            NVD: CVE-2015-3709

CREDITS
Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP's Zero Day Initiative, Pawel Wylecial working with HP's Zero Day Initiative, John Villamil (@day6rea
Trust: 0.3
sources:
            
            
            BID: 75493

SOURCES
db:VULHUBid:VHN-81670
db:VULMONid:CVE-2015-3709
db:BIDid:75493
db:JVNDBid:JVNDB-2015-003411
db:CNNVDid:CNNVD-201507-070
db:NVDid:CVE-2015-3709

LAST UPDATE DATE
2025-04-13T22:36:59.507000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81670date:2017-09-22T00:00:00
db:VULMONid:CVE-2015-3709date:2017-09-22T00:00:00
db:BIDid:75493date:2015-07-15T00:57:00
db:JVNDBid:JVNDB-2015-003411date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-070date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3709date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-81670date:2015-07-03T00:00:00
db:VULMONid:CVE-2015-3709date:2015-07-03T00:00:00
db:BIDid:75493date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003411date:2015-07-08T00:00:00
db:CNNVDid:CNNVD-201507-070date:2015-07-03T00:00:00
db:NVDid:CVE-2015-3709date:2015-07-03T02:00:02.007