Sign-up

ID

VAR-201510-0081


CVE

CVE-2015-5917


TITLE

Apple OS X Used in tnftpd of glob Service disruption in implementations (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005166

DESCRIPTION

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. tnftpd (formerly lukemftpd) is a port of the NetBSD FTP server for other systems that provides functional enhancements to the traditional BSD ftpd

Trust: 2.07

sources: NVD: CVE-2015-5917 // JVNDB: JVNDB-2015-005166 // BID: 76908 // VULHUB: VHN-83878 // VULMON: CVE-2015-5917

AFFECTED PRODUCTS

vendor:netbsdmodel:tnftpdscope:eqversion:*

Trust: 1.0

vendor:tnftpdmodel:tnftpdscope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:netbsdmodel:tnftpdscope: - version: -

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005166 // CNNVD: CNNVD-201510-117 // NVD: CVE-2015-5917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5917
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5917
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-117
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83878
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5917
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5917
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83878 // VULMON: CVE-2015-5917 // JVNDB: JVNDB-2015-005166 // CNNVD: CNNVD-201510-117 // NVD: CVE-2015-5917

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83878 // JVNDB: JVNDB-2015-005166 // NVD: CVE-2015-5917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-117

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-117

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005166

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:tnftpurl:ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/
Trust: 0.8
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5917 // 
            
            
            
            JVNDB: JVNDB-2015-005166

EXTERNAL IDS
db:NVDid:CVE-2015-5917
Trust: 2.9
db:CXSECURITYid:WLB-2013040082
Trust: 1.8
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005166
Trust: 0.8
db:CNNVDid:CNNVD-201510-117
Trust: 0.7
db:VULHUBid:VHN-83878
Trust: 0.1
db:VULMONid:CVE-2015-5917
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83878 // 
            
            
            
            VULMON: CVE-2015-5917 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005166 // 
            
            
            
            CNNVD: CNNVD-201510-117 // 
            
            
            
            NVD: CVE-2015-5917

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:https://cxsecurity.com/issue/wlb-2013040082
Trust: 1.8
url:https://www.youtube.com/watch?v=mbk4qykum10
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5917
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5917
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83878 // 
            
            
            
            VULMON: CVE-2015-5917 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005166 // 
            
            
            
            CNNVD: CNNVD-201510-117 // 
            
            
            
            NVD: CVE-2015-5917

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83878
db:VULMONid:CVE-2015-5917
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005166
db:CNNVDid:CNNVD-201510-117
db:NVDid:CVE-2015-5917

LAST UPDATE DATE
2025-04-13T21:47:10.355000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83878date:2016-12-08T00:00:00
db:VULMONid:CVE-2015-5917date:2016-12-08T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005166date:2015-10-21T00:00:00
db:CNNVDid:CNNVD-201510-117date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5917date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83878date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5917date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005166date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-117date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5917date:2015-10-09T05:59:35.357