CVE-2015-3718 - Vulnerability Details - OpenCVE

systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://support.apple.com/kb/HT204942
http://www.securityfocus.com/bid/75493
http://www.securitytracker.com/id/1032760

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2015-07-03T01:00:00

Updated: 2024-08-06T05:56:14.636Z

Reserved: 2015-05-07T00:00:00

Link: CVE-2015-3718

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-07-03T02:00:09.883

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-3718

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a \"type confusion\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-21T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2015-06-30-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"name": "75493", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75493"}, {"name": "1032760", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032760"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT204942"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2015-3718", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a \"type confusion\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2015-06-30-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"name": "75493", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75493"}, {"name": "1032760", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032760"}, {"name": "http://support.apple.com/kb/HT204942", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT204942"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:56:14.636Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2015-06-30-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"name": "75493", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75493"}, {"name": "1032760", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032760"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT204942"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2015-3718", "datePublished": "2015-07-03T01:00:00", "dateReserved": "2015-05-07T00:00:00", "dateUpdated": "2024-08-06T05:56:14.636Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "68566BD8-D5DD-4747-9C9A-59154400EBFA", "versionEndIncluding": "10.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a \"type confusion\" issue."}, {"lang": "es", "value": "systemstatsd en el subsistema System Stats en Apple OS X anterior a 10.10.4 no interpreta correctamente los tipos de datos encontrados en la comunicaci\u00f3n de interprocesos, lo que permite a atacantes ejecutar c\u00f3digo arbitrario con privilegios systemstatsd a trav\u00e9s de una aplicaci\u00f3n manipulada, relacionado con un problema de 'confusi\u00f3n de tipos'."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", "id": "CVE-2015-3718", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-03T02:00:09.883", "references": [{"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT204942"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/75493"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1032760"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT204942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032760"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}