Details of VAR-201510-0159

ID

VAR-201510-0159

CVE

CVE-2015-6994

TITLE

Apple iOS and OS X Service disruption in some kernels (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005557

DESCRIPTION

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. Apple iOS and Mac OS X are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. The former is a set of operating systems developed for mobile devices, and the latter is a set of dedicated operating systems developed for Mac computers. Kernel is one of the kernel components. The vulnerability stems from the program not properly handling the reuse of virtual memory. An attacker could exploit this vulnerability with a specially crafted application to cause a denial of service

Trust: 1.98

sources: NVD: CVE-2015-6994 // JVNDB: JVNDB-2015-005557 // BID: 77263 // VULHUB: VHN-84955

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 77263 // JVNDB: JVNDB-2015-005557 // CNNVD: CNNVD-201510-542 // NVD: CVE-2015-6994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6994
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6994
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201510-542
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84955
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6994
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84955
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84955 // JVNDB: JVNDB-2015-005557 // CNNVD: CNNVD-201510-542 // NVD: CVE-2015-6994

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-84955 // JVNDB: JVNDB-2015-005557 // NVD: CVE-2015-6994

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-542

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201510-542

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005557

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html	Trust: 0.8
title:	APPLE-SA-2015-10-21-1 iOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Trust: 0.8
title:	HT205370	url:	https://support.apple.com/en-us/HT205370	Trust: 0.8
title:	HT205375	url:	https://support.apple.com/en-us/HT205375	Trust: 0.8
title:	HT205370	url:	http://support.apple.com/ja-jp/HT205370	Trust: 0.8
title:	HT205375	url:	http://support.apple.com/ja-jp/HT205375	Trust: 0.8

sources: JVNDB: JVNDB-2015-005557

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6994	Trust: 2.8
db:	BID	id:	77263	Trust: 1.4
db:	SECTRACK	id:	1033929	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005557	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-542	Trust: 0.7
db:	VULHUB	id:	VHN-84955	Trust: 0.1

sources: VULHUB: VHN-84955 // BID: 77263 // JVNDB: JVNDB-2015-005557 // CNNVD: CNNVD-201510-542 // NVD: CVE-2015-6994

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html	Trust: 1.7
url:	https://support.apple.com/ht205370	Trust: 1.7
url:	https://support.apple.com/ht205375	Trust: 1.7
url:	http://www.securityfocus.com/bid/77263	Trust: 1.1
url:	http://www.securitytracker.com/id/1033929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6994	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6994	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-84955 // BID: 77263 // JVNDB: JVNDB-2015-005557 // CNNVD: CNNVD-201510-542 // NVD: CVE-2015-6994

CREDITS

Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Hu

Trust: 0.3

sources: BID: 77263

SOURCES

db:	VULHUB	id:	VHN-84955
db:	BID	id:	77263
db:	JVNDB	id:	JVNDB-2015-005557
db:	CNNVD	id:	CNNVD-201510-542
db:	NVD	id:	CVE-2015-6994

LAST UPDATE DATE

2025-04-13T21:17:03.888000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84955	date:	2016-12-24T00:00:00
db:	BID	id:	77263	date:	2016-01-12T02:01:00
db:	JVNDB	id:	JVNDB-2015-005557	date:	2015-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201510-542	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-6994	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84955	date:	2015-10-23T00:00:00
db:	BID	id:	77263	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005557	date:	2015-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201510-542	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-6994	date:	2015-10-23T21:59:35.827