ID

VAR-201509-0033


CVE

CVE-2015-5879


TITLE

Apple iOS Of the kernel XNU Vulnerabilities that bypass the sequence number protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2015-004819

DESCRIPTION

XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Kernel is one of the kernel components

Trust: 2.07

sources: NVD: CVE-2015-5879 // JVNDB: JVNDB-2015-004819 // BID: 76764 // VULHUB: VHN-83840 // VULMON: CVE-2015-5879

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004819 // CNNVD: CNNVD-201509-348 // NVD: CVE-2015-5879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5879
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5879
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-348
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83840
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5879
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5879
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83840
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83840 // VULMON: CVE-2015-5879 // JVNDB: JVNDB-2015-004819 // CNNVD: CNNVD-201509-348 // NVD: CVE-2015-5879

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-83840 // JVNDB: JVNDB-2015-004819 // NVD: CVE-2015-5879

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-348

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201509-348

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004819

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:HT205212url:https://support.apple.com/en-us/HT205212

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205267url:http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205212url:http://support.apple.com/ja-jp/HT205212

Trust: 0.8

title:iTunes6464Setupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671

Trust: 0.6

title:iPhone7,1_9.0_13A344_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670

Trust: 0.6

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

sources: VULMON: CVE-2015-5879 // JVNDB: JVNDB-2015-004819 // CNNVD: CNNVD-201509-348

EXTERNAL IDS

db:NVDid:CVE-2015-5879

Trust: 2.9

db:BIDid:76764

Trust: 1.5

db:SECTRACKid:1033609

Trust: 1.2

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-004819

Trust: 0.8

db:CNNVDid:CNNVD-201509-348

Trust: 0.7

db:VULHUBid:VHN-83840

Trust: 0.1

db:VULMONid:CVE-2015-5879

Trust: 0.1

sources: VULHUB: VHN-83840 // VULMON: CVE-2015-5879 // BID: 76764 // JVNDB: JVNDB-2015-004819 // CNNVD: CNNVD-201509-348 // NVD: CVE-2015-5879

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html

Trust: 1.8

url:https://support.apple.com/ht205212

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.2

url:http://www.securityfocus.com/bid/76764

Trust: 1.2

url:https://support.apple.com/ht205267

Trust: 1.2

url:http://www.securitytracker.com/id/1033609

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5879

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5879

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-networkextension-cve-2015-5831

Trust: 0.1

url:https://support.apple.com/kb/ht205267

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

sources: VULHUB: VHN-83840 // VULMON: CVE-2015-5879 // BID: 76764 // JVNDB: JVNDB-2015-004819 // CNNVD: CNNVD-201509-348 // NVD: CVE-2015-5879

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:VULHUBid:VHN-83840
db:VULMONid:CVE-2015-5879
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004819
db:CNNVDid:CNNVD-201509-348
db:NVDid:CVE-2015-5879

LAST UPDATE DATE

2025-04-13T19:56:37.346000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83840date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-5879date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004819date:2015-10-06T00:00:00
db:CNNVDid:CNNVD-201509-348date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5879date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-83840date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5879date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004819date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-348date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5879date:2015-09-18T12:00:18.653