Details of VAR-201509-0094

ID

VAR-201509-0094

CVE

CVE-2015-5869

TITLE

Apple iOS of IPv6 Stack of Neighbor Discovery Vulnerability to reset hop limit setting in protocol implementation

Trust: 0.8

sources: JVNDB: JVNDB-2015-004749

DESCRIPTION

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. IPv6 stack is one of the IPv6 protocol stack components

Trust: 2.07

sources: NVD: CVE-2015-5869 // JVNDB: JVNDB-2015-004749 // BID: 76764 // VULHUB: VHN-83830 // VULMON: CVE-2015-5869

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	8.4.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004749 // CNNVD: CNNVD-201509-345 // NVD: CVE-2015-5869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5869
value:	LOW
Trust: 1.0
NVD:	CVE-2015-5869
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201509-345
value:	LOW
Trust: 0.6
VULHUB:	VHN-83830
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-5869
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-5869
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83830
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83830 // VULMON: CVE-2015-5869 // JVNDB: JVNDB-2015-004749 // CNNVD: CNNVD-201509-345 // NVD: CVE-2015-5869

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-83830 // JVNDB: JVNDB-2015-004749 // NVD: CVE-2015-5869

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201509-345

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201509-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004749

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-21-1 watchOS 2	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	APPLE-SA-2015-09-16-1 iOS 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205212	url:	https://support.apple.com/en-us/HT205212	Trust: 0.8
title:	HT205213	url:	https://support.apple.com/en-us/HT205213	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	HT205212	url:	http://support.apple.com/ja-jp/HT205212	Trust: 0.8
title:	HT205213	url:	http://support.apple.com/ja-jp/HT205213	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1

sources: VULMON: CVE-2015-5869 // JVNDB: JVNDB-2015-004749

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5869	Trust: 2.9
db:	OPENWALL	id:	OSS-SECURITY/2015/04/04/2	Trust: 1.8
db:	BID	id:	76764	Trust: 1.5
db:	SECTRACK	id:	1033609	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004749	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-345	Trust: 0.7
db:	VULHUB	id:	VHN-83830	Trust: 0.1
db:	VULMON	id:	CVE-2015-5869	Trust: 0.1

sources: VULHUB: VHN-83830 // VULMON: CVE-2015-5869 // BID: 76764 // JVNDB: JVNDB-2015-004749 // CNNVD: CNNVD-201509-345 // NVD: CVE-2015-5869

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html	Trust: 1.8
url:	https://support.apple.com/ht205212	Trust: 1.8
url:	http://openwall.com/lists/oss-security/2015/04/04/2	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html	Trust: 1.2
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.2
url:	http://www.securityfocus.com/bid/76764	Trust: 1.2
url:	https://support.apple.com/ht205213	Trust: 1.2
url:	https://support.apple.com/ht205267	Trust: 1.2
url:	http://www.securitytracker.com/id/1033609	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5869	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5869	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-networkextension-cve-2015-5831	Trust: 0.1
url:	https://support.apple.com/kb/ht205267	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83830 // VULMON: CVE-2015-5869 // BID: 76764 // JVNDB: JVNDB-2015-004749 // CNNVD: CNNVD-201509-345 // NVD: CVE-2015-5869

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:	VULHUB	id:	VHN-83830
db:	VULMON	id:	CVE-2015-5869
db:	BID	id:	76764
db:	JVNDB	id:	JVNDB-2015-004749
db:	CNNVD	id:	CNNVD-201509-345
db:	NVD	id:	CVE-2015-5869

LAST UPDATE DATE

2025-04-13T22:04:57.337000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83830	date:	2016-12-22T00:00:00
db:	VULMON	id:	CVE-2015-5869	date:	2016-12-22T00:00:00
db:	BID	id:	76764	date:	2015-11-03T19:44:00
db:	JVNDB	id:	JVNDB-2015-004749	date:	2015-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201509-345	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5869	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83830	date:	2015-09-18T00:00:00
db:	VULMON	id:	CVE-2015-5869	date:	2015-09-18T00:00:00
db:	BID	id:	76764	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004749	date:	2015-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201509-345	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5869	date:	2015-09-18T12:00:15.387