Vulnerability Details : CVE-2015-5889
Public exploit exists!
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
Products affected by CVE-2015-5889
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5889
12.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-5889
-
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
Disclosure Date: 2015-10-01First seen: 2020-04-26exploit/osx/local/rsh_libmallocThis module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11). Authors: - rebel - shandelman116
CVSS scores for CVE-2015-5889
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-5889
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5889
-
http://packetstormsecurity.com/files/133826/issetugid-rsh-libmalloc-OS-X-Local-Root.html
issetugid() + rsh + libmalloc OS X Local Root ≈ Packet Storm
-
http://packetstormsecurity.com/files/134087/Mac-OS-X-10.9.5-10.10.5-rsh-libmalloc-Privilege-Escalation.html
Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation ≈ Packet Storm
-
https://www.exploit-db.com/exploits/38371/
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Local Privilege Escalation
-
http://www.securityfocus.com/bid/76908
Apple Mac OS X Prior to 10.11 Multiple Security Vulnerabilities
-
https://www.exploit-db.com/exploits/38540/
Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Local Privilege Escalation (Metasploit)
-
https://support.apple.com/HT205267
About the security content of OS X El Capitan v10.11 - Apple SupportVendor Advisory
-
http://www.securitytracker.com/id/1033703
Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Local Users Gain Elevated Privileges - SecurityTracker
-
http://seclists.org/fulldisclosure/2015/Oct/5
Full Disclosure: Mac OS X local root (rsh/libmalloc)
-
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Apple - Lists.apple.comVendor Advisory
-
http://www.rapid7.com/db/modules/exploit/osx/local/rsh_libmalloc
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
Jump to