Details of VAR-201510-0076

ID

VAR-201510-0076

CVE

CVE-2015-5901

TITLE

Apple OS X of Finder Vulnerability in which important information can be obtained in the function to reliably empty the trash

Trust: 0.8

sources: JVNDB: JVNDB-2015-005161

DESCRIPTION

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, bypass the authentication mechanism, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Finder is one of the components that finds, displays and organizes all files and folders. The vulnerability stems from the fact that the program does not delete Trash files correctly. A local attacker could exploit this vulnerability to obtain sensitive information by reading the storage medium

Trust: 2.07

sources: NVD: CVE-2015-5901 // JVNDB: JVNDB-2015-005161 // BID: 76910 // VULHUB: VHN-83862 // VULMON: CVE-2015-5901

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3

sources: BID: 76910 // JVNDB: JVNDB-2015-005161 // CNNVD: CNNVD-201510-112 // NVD: CVE-2015-5901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5901
value:	LOW
Trust: 1.0
NVD:	CVE-2015-5901
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-112
value:	LOW
Trust: 0.6
VULHUB:	VHN-83862
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-5901
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-5901
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83862
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83862 // VULMON: CVE-2015-5901 // JVNDB: JVNDB-2015-005161 // CNNVD: CNNVD-201510-112 // NVD: CVE-2015-5901

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-83862 // JVNDB: JVNDB-2015-005161 // NVD: CVE-2015-5901

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-112

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-112

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005161

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1

sources: VULMON: CVE-2015-5901 // JVNDB: JVNDB-2015-005161

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5901	Trust: 2.9
db:	SECTRACK	id:	1033703	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005161	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-112	Trust: 0.7
db:	BID	id:	76910	Trust: 0.4
db:	VULHUB	id:	VHN-83862	Trust: 0.1
db:	VULMON	id:	CVE-2015-5901	Trust: 0.1

sources: VULHUB: VHN-83862 // VULMON: CVE-2015-5901 // BID: 76910 // JVNDB: JVNDB-2015-005161 // CNNVD: CNNVD-201510-112 // NVD: CVE-2015-5901

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.8
url:	https://support.apple.com/ht205267	Trust: 1.8
url:	http://www.securitytracker.com/id/1033703	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5901	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5901	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht205267	Trust: 0.1
url:	https://www.securityfocus.com/bid/76910	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83862 // VULMON: CVE-2015-5901 // BID: 76910 // JVNDB: JVNDB-2015-005161 // CNNVD: CNNVD-201510-112 // NVD: CVE-2015-5901

CREDITS

Dan Bastone of Gotham Digital Science, an anonymous researcher, Jack Lawrence (@_jackhl), Xeno Kovah & Corey Kallenberg from LegbaCore, Yuki MIZUNO (@mzyy94), Camillus Gerard Cai, Apple, Luca Todesco, and Ilja van Sprundel of IOActive.

Trust: 0.3

sources: BID: 76910

SOURCES

db:	VULHUB	id:	VHN-83862
db:	VULMON	id:	CVE-2015-5901
db:	BID	id:	76910
db:	JVNDB	id:	JVNDB-2015-005161
db:	CNNVD	id:	CNNVD-201510-112
db:	NVD	id:	CVE-2015-5901

LAST UPDATE DATE

2025-04-13T20:16:27.297000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83862	date:	2016-12-08T00:00:00
db:	VULMON	id:	CVE-2015-5901	date:	2016-12-08T00:00:00
db:	BID	id:	76910	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005161	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-112	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5901	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83862	date:	2015-10-09T00:00:00
db:	VULMON	id:	CVE-2015-5901	date:	2015-10-09T00:00:00
db:	BID	id:	76910	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005161	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-112	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5901	date:	2015-10-09T05:59:29.843