ID

VAR-201510-0065


CVE

CVE-2015-5883


TITLE

Apple OS X Terminal bidirectional text display and selection implementations allow spoofing of text document content

Trust: 0.8

sources: JVNDB: JVNDB-2015-005150

DESCRIPTION

The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Terminal is one of its terminal components. The vulnerability stems from the program interpreting directional override formatting characters in different ways.

Trust: 2.07

sources: NVD: CVE-2015-5883 // JVNDB: JVNDB-2015-005150 // BID: 76908 // VULHUB: VHN-83844 // VULMON: CVE-2015-5883

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.10.5

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.6.8 thats all 10.11

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.10.5

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.7.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005150 // CNNVD: CNNVD-201510-101 // NVD: CVE-2015-5883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5883
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5883
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-101
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83844
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5883
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5883
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83844
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83844 // VULMON: CVE-2015-5883 // JVNDB: JVNDB-2015-005150 // CNNVD: CNNVD-201510-101 // NVD: CVE-2015-5883

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-83844 // JVNDB: JVNDB-2015-005150 // NVD: CVE-2015-5883

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-101

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201510-101

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005150

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-09-30-3 OS X El Capitan 10.11, url: http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title: HT205267, url: https://support.apple.com/en-us/HT205267

Trust: 0.8

title: HT205267, url: http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title: Apple: OS X El Capitan v10.11, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

sources: VULMON: CVE-2015-5883 // JVNDB: JVNDB-2015-005150

EXTERNAL IDS

db: NVD, id: CVE-2015-5883

Trust: 2.9

db: BID, id: 76908

Trust: 1.5

db: SECTRACK, id: 1033703

Trust: 1.2

db: JVN, id: JVNVU97220341

Trust: 0.8

db: JVNDB, id: JVNDB-2015-005150

Trust: 0.8

db: CNNVD, id: CNNVD-201510-101

Trust: 0.7

db: VULHUB, id: VHN-83844

Trust: 0.1

db: VULMON, id: CVE-2015-5883

Trust: 0.1

sources: VULHUB: VHN-83844 // VULMON: CVE-2015-5883 // BID: 76908 // JVNDB: JVNDB-2015-005150 // CNNVD: CNNVD-201510-101 // NVD: CVE-2015-5883

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.8

url:https://support.apple.com/ht205267

Trust: 1.8

url:http://www.securityfocus.com/bid/76908

Trust: 1.3

url:http://www.securitytracker.com/id/1033703

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5883

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5883

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://support.apple.com/en-in/ht205267

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht205267

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

sources: VULHUB: VHN-83844 // VULMON: CVE-2015-5883 // BID: 76908 // JVNDB: JVNDB-2015-005150 // CNNVD: CNNVD-201510-101 // NVD: CVE-2015-5883

CREDITS

Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of

Trust: 0.3

sources: BID: 76908

SOURCES

db: VULHUB, id: VHN-83844
db: VULMON, id: CVE-2015-5883
db: BID, id: 76908
db: JVNDB, id: JVNDB-2015-005150
db: CNNVD, id: CNNVD-201510-101
db: NVD, id: CVE-2015-5883

LAST UPDATE DATE

2025-04-13T19:43:36.255000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-83844, date: 2016-12-08T00:00:00
db: VULMON, id: CVE-2015-5883, date: 2016-12-08T00:00:00
db: BID, id: 76908, date: 2015-12-08T22:02:00
db: JVNDB, id: JVNDB-2015-005150, date: 2015-10-13T00:00:00
db: CNNVD, id: CNNVD-201510-101, date: 2015-10-10T00:00:00
db: NVD, id: CVE-2015-5883, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-83844, date: 2015-10-09T00:00:00
db: VULMON, id: CVE-2015-5883, date: 2015-10-09T00:00:00
db: BID, id: 76908, date: 2015-09-30T00:00:00
db: JVNDB, id: JVNDB-2015-005150, date: 2015-10-13T00:00:00
db: CNNVD, id: CNNVD-201510-101, date: 2015-10-10T00:00:00
db: NVD, id: CVE-2015-5883, date: 2015-10-09T05:59:19.170