Sign-up

ID

VAR-201510-0066


CVE

CVE-2015-5884


TITLE

Apple OS X Mail Mail Drop Vulnerabilities that capture important information on functions

Trust: 0.8

sources: JVNDB: JVNDB-2015-005151

DESCRIPTION

The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Mail is one of the mail components. The vulnerability stems from the fact that the program does not properly handle the encryption parameters of attachments

Trust: 2.07

sources: NVD: CVE-2015-5884 // JVNDB: JVNDB-2015-005151 // BID: 76908 // VULHUB: VHN-83845 // VULMON: CVE-2015-5884

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005151 // CNNVD: CNNVD-201510-102 // NVD: CVE-2015-5884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5884
value: LOW

Trust: 1.0

NVD: CVE-2015-5884
value: LOW

Trust: 0.8

CNNVD: CNNVD-201510-102
value: LOW

Trust: 0.6

VULHUB: VHN-83845
value: LOW

Trust: 0.1

VULMON: CVE-2015-5884
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-5884
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83845
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83845 // VULMON: CVE-2015-5884 // JVNDB: JVNDB-2015-005151 // CNNVD: CNNVD-201510-102 // NVD: CVE-2015-5884

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-83845 // JVNDB: JVNDB-2015-005151 // NVD: CVE-2015-5884

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201510-102

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-102

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005151

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5884 // 
            
            
            
            JVNDB: JVNDB-2015-005151

EXTERNAL IDS
db:NVDid:CVE-2015-5884
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005151
Trust: 0.8
db:CNNVDid:CNNVD-201510-102
Trust: 0.7
db:VULHUBid:VHN-83845
Trust: 0.1
db:VULMONid:CVE-2015-5884
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83845 // 
            
            
            
            VULMON: CVE-2015-5884 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005151 // 
            
            
            
            CNNVD: CNNVD-201510-102 // 
            
            
            
            NVD: CVE-2015-5884

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5884
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5884
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83845 // 
            
            
            
            VULMON: CVE-2015-5884 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005151 // 
            
            
            
            CNNVD: CNNVD-201510-102 // 
            
            
            
            NVD: CVE-2015-5884

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83845
db:VULMONid:CVE-2015-5884
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005151
db:CNNVDid:CNNVD-201510-102
db:NVDid:CVE-2015-5884

LAST UPDATE DATE
2025-04-13T19:44:06.120000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83845date:2016-12-08T00:00:00
db:VULMONid:CVE-2015-5884date:2016-12-08T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005151date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-102date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5884date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83845date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5884date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005151date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-102date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5884date:2015-10-09T05:59:20.233