Sign-up

ID

VAR-201510-0077


CVE

CVE-2015-5902


TITLE

Apple OS X Service disruption in the kernel debug function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005162

DESCRIPTION

The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. Apple OS X The kernel's debug function has a fault in status management, which could interfere with service operation. (DoS) There are vulnerabilities that are put into a state.Service disruption by local users (DoS) There is a possibility of being put into a state. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Kernel is one of the kernel components. A local attacker could exploit this vulnerability to cause a denial of service

Trust: 2.07

sources: NVD: CVE-2015-5902 // JVNDB: JVNDB-2015-005162 // BID: 76908 // VULHUB: VHN-83863 // VULMON: CVE-2015-5902

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005162 // CNNVD: CNNVD-201510-113 // NVD: CVE-2015-5902

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5902
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5902
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-113
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83863
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5902
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5902
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83863
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83863 // VULMON: CVE-2015-5902 // JVNDB: JVNDB-2015-005162 // CNNVD: CNNVD-201510-113 // NVD: CVE-2015-5902

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-5902

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-113

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201510-113

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005162

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5902 // 
            
            
            
            JVNDB: JVNDB-2015-005162

EXTERNAL IDS
db:NVDid:CVE-2015-5902
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005162
Trust: 0.8
db:CNNVDid:CNNVD-201510-113
Trust: 0.7
db:VULHUBid:VHN-83863
Trust: 0.1
db:VULMONid:CVE-2015-5902
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83863 // 
            
            
            
            VULMON: CVE-2015-5902 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005162 // 
            
            
            
            CNNVD: CNNVD-201510-113 // 
            
            
            
            NVD: CVE-2015-5902

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5902
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5902
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83863 // 
            
            
            
            VULMON: CVE-2015-5902 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005162 // 
            
            
            
            CNNVD: CNNVD-201510-113 // 
            
            
            
            NVD: CVE-2015-5902

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83863
db:VULMONid:CVE-2015-5902
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005162
db:CNNVDid:CNNVD-201510-113
db:NVDid:CVE-2015-5902

LAST UPDATE DATE
2025-04-13T19:42:55.537000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83863date:2016-12-08T00:00:00
db:VULMONid:CVE-2015-5902date:2016-12-08T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005162date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-113date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5902date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83863date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5902date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005162date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-113date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5902date:2015-10-09T05:59:30.733