Apple iOS up to 9.0 configd memory corruption

A vulnerability has been found in Apple iOS up to 9.0 (Smartphone Operating System) and classified as critical. It affects an unknown code block of the component configd. Upgrading to version 9.1 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 02/12/2018 08:16 AM | 06/23/2022 10:23 PM | 06/23/2022 10:37 PM |
|---|---|---|---|
| type | Smartphone Operating System | Smartphone Operating System | Smartphone Operating System |
| vendor | Apple | Apple | Apple |
| name | iOS | iOS | iOS |
| version | <=9.0 | <=9.0 | <=9.0 |
| component | configd | configd | configd |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 5.1 | 5.1 | 5.1 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_meta_tempscore | 7.0 | 7.0 | 7.0 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 | 7.0 |
| advisoryquote | A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. | A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. | A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. |
| date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT205370 | https://support.apple.com/en-us/HT205370 | https://support.apple.com/en-us/HT205370 |
| identifier | HT205370 | HT205370 | HT205370 |
| company_name | PanguTeam | PanguTeam | PanguTeam |
| disputed | 0 | 0 | 0 |
| price_0day | $100k and more | $100k and more | $100k and more |
| price_trend | + | + | + |
| name | Upgrade | Upgrade | Upgrade |
| date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| upgrade_version | 9.1 | 9.1 | 9.1 |
| cve | CVE-2015-7015 | CVE-2015-7015 | CVE-2015-7015 |
| qualys_id | 124172 | 124172 | 124172 |
| qualys_title | Apple Mac OS X v10.11.1 Not Installed (APPLE-SA-2015-10-21-4) | Apple Mac OS X v10.11.1 Not Installed (APPLE-SA-2015-10-21-4) | Apple Mac OS X v10.11.1 Not Installed (APPLE-SA-2015-10-21-4) |
| seealso | 68857 74877 74936 77709 78625 78672 78724 78725 78728 78729 78730 78731 78732 78733 78734 78735 78736 78737 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 | 68857 74877 74936 77709 78625 78672 78724 78725 78728 78729 78730 78731 78732 78733 78734 78735 78736 78737 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 | 68857 74877 74936 77709 78625 78672 78724 78725 78728 78729 78730 78731 78732 78733 78734 78735 78736 78737 78738 78739 78740 78741 78742 78743 78744 78745 78746 78747 78749 78750 |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cwe | 119 (memory corruption) | 119 (memory corruption) | 119 (memory corruption) |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| confirm_url | https://support.apple.com/HT205370 | https://support.apple.com/HT205370 | https://support.apple.com/HT205370 |
| cve_assigned | 1442361600 (09/16/2015) | 1442361600 (09/16/2015) | 1442361600 (09/16/2015) |
| cve_nvd_published | 1445558400 | 1445558400 | 1445558400 |
| cve_nvd_summary | Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. | Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. | Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. |
| nessus_id | 86654 | 86654 | 86654 |
| nessus_name | Mac OS X < 10.11.1 Multiple Vulnerabilities | Mac OS X < 10.11.1 Multiple Vulnerabilities | Mac OS X < 10.11.1 Multiple Vulnerabilities |
| nessus_filename | macosx_10_11_1.nasl | macosx_10_11_1.nasl | macosx_10_11_1.nasl |
| nessus_family | MacOS X Local Security Checks | MacOS X Local Security Checks | MacOS X Local Security Checks |
| cvss2_nvd_basescore | | 6.8 | 6.8 |
| sectracker | | 1033929 | 1033929 |
| nessus_risk | | | Critical |
| securityfocus | | | 64048 |
