Sign-up

ID

VAR-201606-0033


CVE

CVE-2015-7988


TITLE

mDNSResponder contains multiple memory-based vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#143335

DESCRIPTION

The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. mDNSResponder is prone to a remote code-execution vulnerability. A security vulnerability exists in the 'handle_regservice_request' function of mDNSResponder versions prior to 625.41.2

Trust: 2.79

sources: NVD: CVE-2015-7988 // CERT/CC: VU#143335 // JVNDB: JVNDB-2015-007209 // BID: 91325 // VULHUB: VHN-85949 // VULMON: CVE-2015-7988

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:gteversion:10.11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.11.1

Trust: 1.0

vendor:applemodel:airport base stationscope:gteversion:7.6

Trust: 1.0

vendor:applemodel:mdnsresponderscope:ltversion:625.41.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.9.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.9

Trust: 1.0

vendor:applemodel:airport base stationscope:gteversion:7.7

Trust: 1.0

vendor:applemodel:airport base stationscope:ltversion:7.6.7

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:2.1

Trust: 1.0

vendor:applemodel:airport base stationscope:ltversion:7.7.7

Trust: 1.0

vendor:applemodel:iphone osscope:gteversion:9.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:9.1

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.10.0

Trust: 1.0

vendor:android open sourcemodel: - scope: - version: -

Trust: 0.8

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:airmac base stationscope: - version: -

Trust: 0.8

vendor:applemodel:airmac base stationscope:ltversion:7.6.7 earlier

Trust: 0.8

vendor:applemodel:airmac base stationscope:ltversion:7.7.7 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:v10.10.5 and security updates 2015-004 yosemite earlier

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:v10.11.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:ltversion:v10.9.5 and security updates 2015-007 mavericks earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 earlier

Trust: 0.8

vendor:applemodel:mdnsresponderscope:ltversion:379.27 or later 625.41.2

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.1 earlier

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.0.2

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.10.4

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.0

Trust: 0.6

vendor:applemodel:airport base stationscope: - version: -

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.9.4

Trust: 0.6

vendor:applemodel:mdnsresponderscope:eqversion:576.30.4

Trust: 0.6

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

sources: CERT/CC: VU#143335 // BID: 91325 // JVNDB: JVNDB-2015-007209 // CNNVD: CNNVD-201606-474 // NVD: CVE-2015-7988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7988
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-7988
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201606-474
value: HIGH

Trust: 0.6

VULHUB: VHN-85949
value: HIGH

Trust: 0.1

VULMON: CVE-2015-7988
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7988
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-85949
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7988
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-85949 // VULMON: CVE-2015-7988 // JVNDB: JVNDB-2015-007209 // CNNVD: CNNVD-201606-474 // NVD: CVE-2015-7988

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-007209 // NVD: CVE-2015-7988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-474

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201606-474

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007209

PATCH
title:Bonjour for Developersurl:https://developer.apple.com/bonjour/
Trust: 0.8
title:mDNSResponderurl:http://opensource.apple.com/tarballs/mDNSResponder/
Trust: 0.8
title:HT206846url:https://support.apple.com/en-us/HT206846
Trust: 0.8
title:HT206846url:https://support.apple.com/ja-jp/HT206846
Trust: 0.8
title:mDNSResponder Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62401
Trust: 0.6
title:Apple: iOS 9.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=123f4c3a6e7427c916e120e518bda58a
Trust: 0.1
title:Apple: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericksurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=fd51407c33ee29c59223888703327538
Trust: 0.1
title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-7988 // 
            
            
            
            JVNDB: JVNDB-2015-007209 // 
            
            
            
            CNNVD: CNNVD-201606-474

EXTERNAL IDS
db:CERT/CCid:VU#143335
Trust: 3.4
db:NVDid:CVE-2015-7988
Trust: 2.9
db:SECTRACKid:1036181
Trust: 1.2
db:JVNid:JVNVU97008560
Trust: 0.8
db:JVNDBid:JVNDB-2015-007209
Trust: 0.8
db:CNNVDid:CNNVD-201606-474
Trust: 0.7
db:BIDid:91325
Trust: 0.4
db:VULHUBid:VHN-85949
Trust: 0.1
db:VULMONid:CVE-2015-7988
Trust: 0.1
sources:
            
            
            CERT/CC: VU#143335 // 
            
            
            
            VULHUB: VHN-85949 // 
            
            
            
            VULMON: CVE-2015-7988 // 
            
            
            
            BID: 91325 // 
            
            
            
            JVNDB: JVNDB-2015-007209 // 
            
            
            
            CNNVD: CNNVD-201606-474 // 
            
            
            
            NVD: CVE-2015-7988

REFERENCES
url:http://www.kb.cert.org/vuls/id/143335
Trust: 2.7
url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Trust: 1.2
url:https://support.apple.com/ht206846
Trust: 1.2
url:http://www.securitytracker.com/id/1036181
Trust: 1.2
url:https://support.apple.com/en-us/ht206846
Trust: 0.8
url:http://www.opensource.apple.com/tarballs/mdnsresponder/
Trust: 0.8
url:https://developer.apple.com/bonjour/
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/120.html
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/476.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7988
Trust: 0.8
url:http://jvn.jp/cert/jvnvu97008560
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7988
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/91325
Trust: 0.1
sources:
            
            
            CERT/CC: VU#143335 // 
            
            
            
            VULHUB: VHN-85949 // 
            
            
            
            VULMON: CVE-2015-7988 // 
            
            
            
            JVNDB: JVNDB-2015-007209 // 
            
            
            
            CNNVD: CNNVD-201606-474 // 
            
            
            
            NVD: CVE-2015-7988

CREDITS
Apple
Trust: 0.9
sources:
            
            
            BID: 91325 // 
            
            
            
            CNNVD: CNNVD-201606-474

SOURCES
db:CERT/CCid:VU#143335
db:VULHUBid:VHN-85949
db:VULMONid:CVE-2015-7988
db:BIDid:91325
db:JVNDBid:JVNDB-2015-007209
db:CNNVDid:CNNVD-201606-474
db:NVDid:CVE-2015-7988

LAST UPDATE DATE
2025-04-13T23:39:31.812000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#143335date:2016-06-20T00:00:00
db:VULHUBid:VHN-85949date:2019-06-19T00:00:00
db:VULMONid:CVE-2015-7988date:2019-06-19T00:00:00
db:BIDid:91325date:2016-07-06T15:01:00
db:JVNDBid:JVNDB-2015-007209date:2016-06-28T00:00:00
db:CNNVDid:CNNVD-201606-474date:2016-06-27T00:00:00
db:NVDid:CVE-2015-7988date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#143335date:2016-06-20T00:00:00
db:VULHUBid:VHN-85949date:2016-06-26T00:00:00
db:VULMONid:CVE-2015-7988date:2016-06-26T00:00:00
db:BIDid:91325date:2016-06-20T00:00:00
db:JVNDBid:JVNDB-2015-007209date:2016-06-28T00:00:00
db:CNNVDid:CNNVD-201606-474date:2016-06-21T00:00:00
db:NVDid:CVE-2015-7988date:2016-06-26T01:59:01.503