Details of VAR-201510-0088

ID

VAR-201510-0088

CVE

CVE-2015-5854

TITLE

Apple OS X of Time Machine Access to keychain items in backup implementation

Trust: 0.8

sources: JVNDB: JVNDB-2015-005139

DESCRIPTION

The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Time Machine is one of the backup components

Trust: 2.07

sources: NVD: CVE-2015-5854 // JVNDB: JVNDB-2015-005139 // BID: 76908 // VULHUB: VHN-83815 // VULMON: CVE-2015-5854

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005139 // CNNVD: CNNVD-201510-090 // NVD: CVE-2015-5854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5854
value:	LOW
Trust: 1.0
NVD:	CVE-2015-5854
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-090
value:	LOW
Trust: 0.6
VULHUB:	VHN-83815
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-5854
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-5854
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83815
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83815 // VULMON: CVE-2015-5854 // JVNDB: JVNDB-2015-005139 // CNNVD: CNNVD-201510-090 // NVD: CVE-2015-5854

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-83815 // JVNDB: JVNDB-2015-005139 // NVD: CVE-2015-5854

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-090

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005139

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1

sources: VULMON: CVE-2015-5854 // JVNDB: JVNDB-2015-005139

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5854	Trust: 2.9
db:	BID	id:	76908	Trust: 1.5
db:	SECTRACK	id:	1033703	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005139	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-090	Trust: 0.7
db:	VULHUB	id:	VHN-83815	Trust: 0.1
db:	VULMON	id:	CVE-2015-5854	Trust: 0.1

sources: VULHUB: VHN-83815 // VULMON: CVE-2015-5854 // BID: 76908 // JVNDB: JVNDB-2015-005139 // CNNVD: CNNVD-201510-090 // NVD: CVE-2015-5854

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.8
url:	https://support.apple.com/ht205267	Trust: 1.8
url:	http://www.securityfocus.com/bid/76908	Trust: 1.3
url:	http://www.securitytracker.com/id/1033703	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5854	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5854	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-in/ht205267	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht205267	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83815 // VULMON: CVE-2015-5854 // BID: 76908 // JVNDB: JVNDB-2015-005139 // CNNVD: CNNVD-201510-090 // NVD: CVE-2015-5854

CREDITS

Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of

Trust: 0.3

sources: BID: 76908

SOURCES

db:	VULHUB	id:	VHN-83815
db:	VULMON	id:	CVE-2015-5854
db:	BID	id:	76908
db:	JVNDB	id:	JVNDB-2015-005139
db:	CNNVD	id:	CNNVD-201510-090
db:	NVD	id:	CVE-2015-5854

LAST UPDATE DATE

2025-04-13T22:42:40.935000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83815	date:	2016-12-09T00:00:00
db:	VULMON	id:	CVE-2015-5854	date:	2016-12-09T00:00:00
db:	BID	id:	76908	date:	2015-12-08T22:02:00
db:	JVNDB	id:	JVNDB-2015-005139	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-090	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5854	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83815	date:	2015-10-09T00:00:00
db:	VULMON	id:	CVE-2015-5854	date:	2015-10-09T00:00:00
db:	BID	id:	76908	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005139	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-090	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5854	date:	2015-10-09T05:59:08.720