ID

VAR-201509-0042


CVE

CVE-2015-5903


TITLE

Apple iOS Privileged vulnerability in Kernel

Trust: 0.8

sources: JVNDB: JVNDB-2015-004756

DESCRIPTION

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Kernel is one of the kernel components

Trust: 2.07

sources: NVD: CVE-2015-5903 // JVNDB: JVNDB-2015-004756 // BID: 76764 // VULHUB: VHN-83864 // VULMON: CVE-2015-5903

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 1.6

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004756 // CNNVD: CNNVD-201509-357 // NVD: CVE-2015-5903

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5903
value: HIGH

Trust: 1.0

NVD: CVE-2015-5903
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201509-357
value: CRITICAL

Trust: 0.6

VULHUB: VHN-83864
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5903
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5903
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83864
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83864 // VULMON: CVE-2015-5903 // JVNDB: JVNDB-2015-004756 // CNNVD: CNNVD-201509-357 // NVD: CVE-2015-5903

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83864 // JVNDB: JVNDB-2015-004756 // NVD: CVE-2015-5903

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-357

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004756

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205212url:https://support.apple.com/en-us/HT205212

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205212url:http://support.apple.com/ja-jp/HT205212

Trust: 0.8

title:HT205213url:http://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:iPhone7,1_9.0_13A344_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670

Trust: 0.6

title:iTunes6464Setupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671

Trust: 0.6

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

sources: VULMON: CVE-2015-5903 // JVNDB: JVNDB-2015-004756 // CNNVD: CNNVD-201509-357

EXTERNAL IDS

db:NVDid:CVE-2015-5903

Trust: 2.9

db:BIDid:76764

Trust: 1.5

db:SECTRACKid:1033609

Trust: 1.2

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-004756

Trust: 0.8

db:CNNVDid:CNNVD-201509-357

Trust: 0.7

db:VULHUBid:VHN-83864

Trust: 0.1

db:VULMONid:CVE-2015-5903

Trust: 0.1

sources: VULHUB: VHN-83864 // VULMON: CVE-2015-5903 // BID: 76764 // JVNDB: JVNDB-2015-004756 // CNNVD: CNNVD-201509-357 // NVD: CVE-2015-5903

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html

Trust: 1.8

url:https://support.apple.com/ht205212

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.2

url:http://www.securityfocus.com/bid/76764

Trust: 1.2

url:https://support.apple.com/ht205213

Trust: 1.2

url:https://support.apple.com/ht205267

Trust: 1.2

url:http://www.securitytracker.com/id/1033609

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5903

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5903

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2015-5861

Trust: 0.1

url:https://support.apple.com/kb/ht205267

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

sources: VULHUB: VHN-83864 // VULMON: CVE-2015-5903 // BID: 76764 // JVNDB: JVNDB-2015-004756 // CNNVD: CNNVD-201509-357 // NVD: CVE-2015-5903

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:VULHUBid:VHN-83864
db:VULMONid:CVE-2015-5903
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004756
db:CNNVDid:CNNVD-201509-357
db:NVDid:CVE-2015-5903

LAST UPDATE DATE

2025-04-13T21:55:52.427000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83864date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-5903date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004756date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201509-357date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5903date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-83864date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5903date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004756date:2015-09-24T00:00:00
db:CNNVDid:CNNVD-201509-357date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5903date:2015-09-18T12:00:30.260