Lucene search

[email protected]CVE-2015-5889

HistoryOct 09, 2015 - 5:59 a.m.

CVE-2015-5889

2015-10-0905:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-5889

rsh

remote_cmds

apple os x

vulnerability

root privileges

environment variables

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

16.1%

JSON

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.

CPENameOperatorVersion
apple:mac_os_xapple mac os xle10.10.5

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	le	10.10.5

References

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

packetstormsecurity.com/files/133826/issetugid-rsh-libmalloc-OS-X-Local-Root.html

packetstormsecurity.com/files/134087/Mac-OS-X-10.9.5-10.10.5-rsh-libmalloc-Privilege-Escalation.html

seclists.org/fulldisclosure/2015/Oct/5

www.rapid7.com/db/modules/exploit/osx/local/rsh_libmalloc

www.securityfocus.com/bid/76908

www.securitytracker.com/id/1033703

support.apple.com/HT205267

www.exploit-db.com/exploits/38371/

www.exploit-db.com/exploits/38540/

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

16.1%

JSON

Related for CVE-2015-5889

saint4 prion1 threatpost1 packetstorm2 zdt3 canvas1 exploitpack1 exploitdb1 kitploit1 openvas1 securityvulns2 nessus1