cvelistv5 - cve-2015-5917

CVE-2015-5917 (GCVE-0-2015-5917)

Vulnerability from cvelistv5 – Published: 2015-10-09 01:00 – Updated: 2024-08-06 07:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securitytracker.com/id/1033703	vdb-entryx_refsource_SECTRACK
	https://www.youtube.com/watch?v=MBK4QYkUm10	x_refsource_MISC
	https://cxsecurity.com/issue/WLB-2013040082	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://support.apple.com/HT205267	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/76908	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:06:34.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033703",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033703"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/issue/WLB-2013040082"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "76908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76908"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1033703",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033703"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cxsecurity.com/issue/WLB-2013040082"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205267"
        },
        {
          "name": "76908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76908"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-5917",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033703",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033703"
            },
            {
              "name": "https://www.youtube.com/watch?v=MBK4QYkUm10",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
            },
            {
              "name": "https://cxsecurity.com/issue/WLB-2013040082",
              "refsource": "MISC",
              "url": "https://cxsecurity.com/issue/WLB-2013040082"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "name": "https://support.apple.com/HT205267",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "76908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76908"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-5917",
    "datePublished": "2015-10-09T01:00:00",
    "dateReserved": "2015-08-06T00:00:00",
    "dateUpdated": "2024-08-06T07:06:34.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28452FCF-6965-4708-848E-C381F2A800D9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03F9674E-6AF9-47D7-B74E-CA4A7DF6A41D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de glob en tnftpd (anteriormente lukemftpd), tal como se utiliza en Apple OS X en versiones anteriores a 10.11 permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria e interrupci\\u00f3n de demonio) a trav\\u00e9s de un comando STAT que contiene un patr\\u00f3n manipulado, seg\\u00fan lo demostrado por m\\u00faltiples casos de la subcadena {..,..,..}/*.\"}]",
      "id": "CVE-2015-5917",
      "lastModified": "2024-11-21T02:34:07.830",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-10-09T05:59:35.357",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/76908\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1033703\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://cxsecurity.com/issue/WLB-2013040082\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT205267\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.youtube.com/watch?v=MBK4QYkUm10\", \"source\": \"product-security@apple.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/76908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1033703\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://cxsecurity.com/issue/WLB-2013040082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.youtube.com/watch?v=MBK4QYkUm10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5917\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-10-09T05:59:35.357\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de glob en tnftpd (anteriormente lukemftpd), tal como se utiliza en Apple OS X en versiones anteriores a 10.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria e interrupci\u00f3n de demonio) a trav\u00e9s de un comando STAT que contiene un patr\u00f3n manipulado, seg\u00fan lo demostrado por m\u00faltiples casos de la subcadena {..,..,..}/*.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28452FCF-6965-4708-848E-C381F2A800D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03F9674E-6AF9-47D7-B74E-CA4A7DF6A41D\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/76908\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1033703\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://cxsecurity.com/issue/WLB-2013040082\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT205267\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=MBK4QYkUm10\",\"source\":\"product-security@apple.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/76908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cxsecurity.com/issue/WLB-2013040082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=MBK4QYkUm10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

GSD-2015-5917

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-5917

Aliases

CVE-2015-5917

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5917",
    "description": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.",
    "id": "GSD-2015-5917"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5917"
      ],
      "details": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.",
      "id": "GSD-2015-5917",
      "modified": "2023-12-13T01:20:05.894573Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-5917",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033703",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033703"
          },
          {
            "name": "https://www.youtube.com/watch?v=MBK4QYkUm10",
            "refsource": "MISC",
            "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
          },
          {
            "name": "https://cxsecurity.com/issue/WLB-2013040082",
            "refsource": "MISC",
            "url": "https://cxsecurity.com/issue/WLB-2013040082"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "name": "https://support.apple.com/HT205267",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "76908",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76908"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-5917"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205267",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "name": "https://cxsecurity.com/issue/WLB-2013040082",
              "refsource": "MISC",
              "tags": [],
              "url": "https://cxsecurity.com/issue/WLB-2013040082"
            },
            {
              "name": "https://www.youtube.com/watch?v=MBK4QYkUm10",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
            },
            {
              "name": "76908",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76908"
            },
            {
              "name": "1033703",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033703"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-08T03:11Z",
      "publishedDate": "2015-10-09T05:59Z"
    }
  }
}

CERTFR-2015-AVI-416

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple OS X versions antérieures à v10.11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205267 du 30 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
    },
    {
      "name": "CVE-2015-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
    },
    {
      "name": "CVE-2015-5851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
    },
    {
      "name": "CVE-2015-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
    },
    {
      "name": "CVE-2015-5873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
    },
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2015-5867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-5830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2015-5883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
    },
    {
      "name": "CVE-2015-5523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
    },
    {
      "name": "CVE-2015-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
    },
    {
      "name": "CVE-2014-9652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
    },
    {
      "name": "CVE-2015-5875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
    },
    {
      "name": "CVE-2015-5860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
    },
    {
      "name": "CVE-2015-5824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
    },
    {
      "name": "CVE-2015-5872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
    },
    {
      "name": "CVE-2014-9705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
    },
    {
      "name": "CVE-2015-5522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
    },
    {
      "name": "CVE-2015-5863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
    },
    {
      "name": "CVE-2015-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
    },
    {
      "name": "CVE-2014-9427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
    },
    {
      "name": "CVE-2015-5833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
    },
    {
      "name": "CVE-2015-5840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
    },
    {
      "name": "CVE-2015-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
    },
    {
      "name": "CVE-2015-5871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2014-8090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
    },
    {
      "name": "CVE-2015-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
    },
    {
      "name": "CVE-2015-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
    },
    {
      "name": "CVE-2015-5891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
    },
    {
      "name": "CVE-2015-5874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
    },
    {
      "name": "CVE-2015-5902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
    },
    {
      "name": "CVE-2015-5900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
    },
    {
      "name": "CVE-2015-5858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2015-5865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
    },
    {
      "name": "CVE-2014-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
    },
    {
      "name": "CVE-2014-8611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
    },
    {
      "name": "CVE-2015-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-5896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2015-5839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
    },
    {
      "name": "CVE-2015-5893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-5853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
    },
    {
      "name": "CVE-2015-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
    },
    {
      "name": "CVE-2015-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
    },
    {
      "name": "CVE-2015-5882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
    },
    {
      "name": "CVE-2015-5878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
    },
    {
      "name": "CVE-2015-5894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
    },
    {
      "name": "CVE-2015-5831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
    },
    {
      "name": "CVE-2015-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
    },
    {
      "name": "CVE-2015-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
    },
    {
      "name": "CVE-2015-5862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
    },
    {
      "name": "CVE-2014-8147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
    },
    {
      "name": "CVE-2015-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
    },
    {
      "name": "CVE-2015-5866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
    },
    {
      "name": "CVE-2015-5876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2015-5912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
    },
    {
      "name": "CVE-2015-5877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
    },
    {
      "name": "CVE-2015-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
    },
    {
      "name": "CVE-2015-5922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
    },
    {
      "name": "CVE-2015-5842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
    },
    {
      "name": "CVE-2015-5849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
    },
    {
      "name": "CVE-2015-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
    },
    {
      "name": "CVE-2015-5913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
    },
    {
      "name": "CVE-2014-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
    },
    {
      "name": "CVE-2015-5899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
    },
    {
      "name": "CVE-2015-5847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-5903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
    },
    {
      "name": "CVE-2015-5864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
    },
    {
      "name": "CVE-2015-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
    },
    {
      "name": "CVE-2015-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
    },
    {
      "name": "CVE-2015-5901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
    },
    {
      "name": "CVE-2015-5854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
    },
    {
      "name": "CVE-2015-5881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
    },
    {
      "name": "CVE-2015-5897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
    },
    {
      "name": "CVE-2015-5888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
    },
    {
      "name": "CVE-2015-5890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
    },
    {
      "name": "CVE-2015-5884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
    },
    {
      "name": "CVE-2013-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
    },
    {
      "name": "CVE-2014-9709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
    },
    {
      "name": "CVE-2015-5855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    },
    {
      "name": "CVE-2014-8146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
      "url": "https://support.apple.com/en-us/HT205267"
    }
  ]
}

CERTFR-2015-AVI-416

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple OS X versions antérieures à v10.11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205267 du 30 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
    },
    {
      "name": "CVE-2015-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
    },
    {
      "name": "CVE-2015-5851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
    },
    {
      "name": "CVE-2015-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
    },
    {
      "name": "CVE-2015-5873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
    },
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2015-5867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-5830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2015-5883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
    },
    {
      "name": "CVE-2015-5523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
    },
    {
      "name": "CVE-2015-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
    },
    {
      "name": "CVE-2014-9652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
    },
    {
      "name": "CVE-2015-5875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
    },
    {
      "name": "CVE-2015-5860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
    },
    {
      "name": "CVE-2015-5824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
    },
    {
      "name": "CVE-2015-5872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
    },
    {
      "name": "CVE-2014-9705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
    },
    {
      "name": "CVE-2015-5522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
    },
    {
      "name": "CVE-2015-5863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
    },
    {
      "name": "CVE-2015-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
    },
    {
      "name": "CVE-2014-9427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
    },
    {
      "name": "CVE-2015-5833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
    },
    {
      "name": "CVE-2015-5840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
    },
    {
      "name": "CVE-2015-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
    },
    {
      "name": "CVE-2015-5871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2014-8090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
    },
    {
      "name": "CVE-2015-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
    },
    {
      "name": "CVE-2015-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
    },
    {
      "name": "CVE-2015-5891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
    },
    {
      "name": "CVE-2015-5874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
    },
    {
      "name": "CVE-2015-5902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
    },
    {
      "name": "CVE-2015-5900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
    },
    {
      "name": "CVE-2015-5858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2015-5865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
    },
    {
      "name": "CVE-2014-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
    },
    {
      "name": "CVE-2014-8611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
    },
    {
      "name": "CVE-2015-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-5896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2015-5839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
    },
    {
      "name": "CVE-2015-5893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-5853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
    },
    {
      "name": "CVE-2015-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
    },
    {
      "name": "CVE-2015-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
    },
    {
      "name": "CVE-2015-5882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
    },
    {
      "name": "CVE-2015-5878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
    },
    {
      "name": "CVE-2015-5894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
    },
    {
      "name": "CVE-2015-5831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
    },
    {
      "name": "CVE-2015-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
    },
    {
      "name": "CVE-2015-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
    },
    {
      "name": "CVE-2015-5862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
    },
    {
      "name": "CVE-2014-8147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
    },
    {
      "name": "CVE-2015-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
    },
    {
      "name": "CVE-2015-5866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
    },
    {
      "name": "CVE-2015-5876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2015-5912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
    },
    {
      "name": "CVE-2015-5877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
    },
    {
      "name": "CVE-2015-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
    },
    {
      "name": "CVE-2015-5922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
    },
    {
      "name": "CVE-2015-5842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
    },
    {
      "name": "CVE-2015-5849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
    },
    {
      "name": "CVE-2015-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
    },
    {
      "name": "CVE-2015-5913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
    },
    {
      "name": "CVE-2014-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
    },
    {
      "name": "CVE-2015-5899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
    },
    {
      "name": "CVE-2015-5847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-5903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
    },
    {
      "name": "CVE-2015-5864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
    },
    {
      "name": "CVE-2015-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
    },
    {
      "name": "CVE-2015-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
    },
    {
      "name": "CVE-2015-5901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
    },
    {
      "name": "CVE-2015-5854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
    },
    {
      "name": "CVE-2015-5881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
    },
    {
      "name": "CVE-2015-5897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
    },
    {
      "name": "CVE-2015-5888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
    },
    {
      "name": "CVE-2015-5890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
    },
    {
      "name": "CVE-2015-5884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
    },
    {
      "name": "CVE-2013-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
    },
    {
      "name": "CVE-2014-9709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
    },
    {
      "name": "CVE-2015-5855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    },
    {
      "name": "CVE-2014-8146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
      "url": "https://support.apple.com/en-us/HT205267"
    }
  ]
}

GHSA-X6X4-PHH7-F9MR

Vulnerability from github – Published: 2022-05-17 03:22 – Updated: 2022-05-17 03:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-09T05:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.",
  "id": "GHSA-x6x4-phh7-f9mr",
  "modified": "2022-05-17T03:22:36Z",
  "published": "2022-05-17T03:22:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5917"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2013040082"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205267"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76908"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033703"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2015-5917

Vulnerability from fkie_nvd - Published: 2015-10-09 05:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/76908
product-security@apple.com	http://www.securitytracker.com/id/1033703
product-security@apple.com	https://cxsecurity.com/issue/WLB-2013040082
product-security@apple.com	https://support.apple.com/HT205267	Vendor Advisory
product-security@apple.com	https://www.youtube.com/watch?v=MBK4QYkUm10	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76908
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033703
af854a3a-2127-422b-91ae-364da2661108	https://cxsecurity.com/issue/WLB-2013040082
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205267	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.youtube.com/watch?v=MBK4QYkUm10	Exploit

Impacted products

	Vendor	Product	Version
	netbsd	tnftpd	*
	apple	mac_os_x	10.10.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28452FCF-6965-4708-848E-C381F2A800D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F9674E-6AF9-47D7-B74E-CA4A7DF6A41D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de glob en tnftpd (anteriormente lukemftpd), tal como se utiliza en Apple OS X en versiones anteriores a 10.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria e interrupci\u00f3n de demonio) a trav\u00e9s de un comando STAT que contiene un patr\u00f3n manipulado, seg\u00fan lo demostrado por m\u00faltiples casos de la subcadena {..,..,..}/*."
    }
  ],
  "id": "CVE-2015-5917",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-09T05:59:35.357",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/76908"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://cxsecurity.com/issue/WLB-2013040082"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cxsecurity.com/issue/WLB-2013040082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201510-0081

Vulnerability from variot - Updated: 2023-12-18 11:16

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. tnftpd (formerly lukemftpd) is a port of the NetBSD FTP server for other systems that provides functional enhancements to the traditional BSD ftpd

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0081",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tnftpd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netbsd",
        "version": "*"
      },
      {
        "model": "tnftpd",
        "scope": null,
        "trust": 0.8,
        "vendor": "tnftpd",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "tnftpd",
        "scope": null,
        "trust": 0.6,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of",
    "sources": [
      {
        "db": "BID",
        "id": "76908"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-5917",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-5917",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-83878",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-5917",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-117",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83878",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-5917",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nThese issues affect OS X prior to 10.11. tnftpd (formerly lukemftpd) is a port of the NetBSD FTP server for other systems that provides functional enhancements to the traditional BSD ftpd",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5917"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-5917",
        "trust": 2.9
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2013040082",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "76908",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1033703",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-83878",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5917",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "id": "VAR-201510-0081",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:16:36.286000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205267"
      },
      {
        "title": "tnftp",
        "trust": 0.8,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/misc/tnftp/"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.8,
        "url": "https://cxsecurity.com/issue/wlb-2013040082"
      },
      {
        "trust": 1.8,
        "url": "https://www.youtube.com/watch?v=mbk4qykum10"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/76908"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1033703"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5917"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5917"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-in/ht205267"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205267"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "date": "2015-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "BID",
        "id": "76908"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "date": "2015-10-09T05:59:35.357000",
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "date": "2015-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83878"
      },
      {
        "date": "2016-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-5917"
      },
      {
        "date": "2015-12-08T22:02:00",
        "db": "BID",
        "id": "76908"
      },
      {
        "date": "2015-10-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      },
      {
        "date": "2016-12-08T03:11:30.423000",
        "db": "NVD",
        "id": "CVE-2015-5917"
      },
      {
        "date": "2015-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X Used in  tnftpd of  glob Service disruption in implementations  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005166"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-117"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-06421

Vulnerability from cnvd - Published: 2015-10-12

Title

Apple OS X tnftpd拒绝服务漏洞

Description

Apple OS X是一款苹果公司开发的操作系统。 Apple OS X tnftpd存在glob处理漏洞，允许攻击者利用漏洞对FTP服务器进行拒绝服务攻击。

Severity

低

Patch Name

Apple OS X tnftpd拒绝服务漏洞的补丁

Patch Description

Apple OS X是一款苹果公司开发的操作系统。Apple OS X tnftpd存在glob处理漏洞，允许攻击者利用漏洞对FTP服务器进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/en-us/HT205267

Reference

https://support.apple.com/en-us/HT205267

Impacted products

Name
Apple OS X <=10.10.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5917"
    }
  },
  "description": "Apple OS X\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple OS X tnftpd\u5b58\u5728glob\u5904\u7406\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5bf9FTP\u670d\u52a1\u5668\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Maksymilian Arciemowicz of cxsecurity.com",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/HT205267",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06421",
  "openTime": "2015-10-12",
  "patchDescription": "Apple OS X\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple OS X tnftpd\u5b58\u5728glob\u5904\u7406\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5bf9FTP\u670d\u52a1\u5668\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple OS X tnftpd\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple OS X \u003c=10.10.5"
  },
  "referenceLink": "https://support.apple.com/en-us/HT205267",
  "serverity": "\u4f4e",
  "submitTime": "2015-10-03",
  "title": "Apple OS X tnftpd\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-5917 (GCVE-0-2015-5917)

GSD-2015-5917

CERTFR-2015-AVI-416

Solution

CERTFR-2015-AVI-416

Solution

GHSA-X6X4-PHH7-F9MR

FKIE_CVE-2015-5917

VAR-201510-0081

CNVD-2015-06421

Tags

Sightings

Nomenclature