Details of VAR-201510-0092

ID

VAR-201510-0092

CVE

CVE-2015-5870

TITLE

Apple OS X Vulnerability in Obtaining Important Memory Layout Information in Kernel Debug Interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-005143

DESCRIPTION

The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Kernel is one of the kernel components

Trust: 2.07

sources: NVD: CVE-2015-5870 // JVNDB: JVNDB-2015-005143 // BID: 76908 // VULHUB: VHN-83831 // VULMON: CVE-2015-5870

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005143 // CNNVD: CNNVD-201510-094 // NVD: CVE-2015-5870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5870
value:	LOW
Trust: 1.0
NVD:	CVE-2015-5870
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-094
value:	LOW
Trust: 0.6
VULHUB:	VHN-83831
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-5870
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-5870
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83831
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83831 // VULMON: CVE-2015-5870 // JVNDB: JVNDB-2015-005143 // CNNVD: CNNVD-201510-094 // NVD: CVE-2015-5870

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-83831 // JVNDB: JVNDB-2015-005143 // NVD: CVE-2015-5870

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-094

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005143

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1

sources: VULMON: CVE-2015-5870 // JVNDB: JVNDB-2015-005143

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5870	Trust: 2.9
db:	BID	id:	76908	Trust: 1.5
db:	SECTRACK	id:	1033703	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005143	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-094	Trust: 0.7
db:	VULHUB	id:	VHN-83831	Trust: 0.1
db:	VULMON	id:	CVE-2015-5870	Trust: 0.1

sources: VULHUB: VHN-83831 // VULMON: CVE-2015-5870 // BID: 76908 // JVNDB: JVNDB-2015-005143 // CNNVD: CNNVD-201510-094 // NVD: CVE-2015-5870

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.8
url:	https://support.apple.com/ht205267	Trust: 1.8
url:	http://www.securityfocus.com/bid/76908	Trust: 1.3
url:	http://www.securitytracker.com/id/1033703	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5870	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5870	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-in/ht205267	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht205267	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83831 // VULMON: CVE-2015-5870 // BID: 76908 // JVNDB: JVNDB-2015-005143 // CNNVD: CNNVD-201510-094 // NVD: CVE-2015-5870

CREDITS

Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of

Trust: 0.3

sources: BID: 76908

SOURCES

db:	VULHUB	id:	VHN-83831
db:	VULMON	id:	CVE-2015-5870
db:	BID	id:	76908
db:	JVNDB	id:	JVNDB-2015-005143
db:	CNNVD	id:	CNNVD-201510-094
db:	NVD	id:	CVE-2015-5870

LAST UPDATE DATE

2025-04-13T20:40:57.723000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83831	date:	2016-12-09T00:00:00
db:	VULMON	id:	CVE-2015-5870	date:	2016-12-09T00:00:00
db:	BID	id:	76908	date:	2015-12-08T22:02:00
db:	JVNDB	id:	JVNDB-2015-005143	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-094	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5870	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83831	date:	2015-10-09T00:00:00
db:	VULMON	id:	CVE-2015-5870	date:	2015-10-09T00:00:00
db:	BID	id:	76908	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005143	date:	2015-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201510-094	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5870	date:	2015-10-09T05:59:12.640