Sign-up

ID

VAR-200809-0572


CVE

CVE-2008-3631


TITLE

Apple iPod touch and iPhone of Application Sandbox Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2008-001689

DESCRIPTION

Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities: 1. A vulnerability that may allow users to spoof websites. 2. An information-disclosure vulnerability. 3. A remote code-execution vulnerability. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect versions prior to iPod touch 2.1 and iPhone 2.1. ---------------------------------------------------------------------- We have updated our website, enjoy! http://secunia.com/ ---------------------------------------------------------------------- TITLE: Apple iPod Touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31823 VERIFY ADVISORY: http://secunia.com/advisories/31823/ CRITICAL: Highly critical IMPACT: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access WHERE: >From remote OPERATING SYSTEM: Apple iPod touch http://secunia.com/advisories/product/16074/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iPod touch, which can be exploited by malicious applications to bypass certain security features and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device. This can be exploited by one application to read another application's files. 2) Multiple errors exist in the included version of FreeType, which potentially can be exploited by malicious people to execute arbitrary code when accessing specially crafted font data. For more information: SA30600 3) mDNSResponder does not provide sufficient randomization, which can be exploited to poison the DNS cache. For more information: SA30973 4) Generation of predictable TCP initial sequence numbers can be exploited to spoof TCP connections or hijack sessions. 5) A use-after-free error in WebKit when handling CSS import statements can potentially be exploited to execute arbitrary code via a specially crafted website. SOLUTION: Update to version 2.1. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell. 3) The vendor credits Dan Kaminsky, IOActive. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3026 OTHER REFERENCES: SA30600: http://secunia.com/advisories/30600/ SA30973: http://secunia.com/advisories/30973/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA31823 An error in the handling of emergency calls has also been reported. This can be exploited to bypass the Passcode Lock feature and allows users with physical access to an iPhone to launch applications without the passcode

Trust: 2.16

sources: NVD: CVE-2008-3631 // JVNDB: JVNDB-2008-001689 // BID: 31092 // VULHUB: VHN-33756 // PACKETSTORM: 69846 // PACKETSTORM: 70006

AFFECTED PRODUCTS

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 1.9

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 1.9

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 1.9

vendor:applemodel:iphonescope:eqversion:v2.0 to v2.0.2

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:v2.0 to v2.0.2

Trust: 0.8

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:4

Trust: 0.3

vendor:applemodel:safariscope:neversion:4

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:neversion:2.1

Trust: 0.3

sources: BID: 31092 // JVNDB: JVNDB-2008-001689 // CNNVD: CNNVD-200809-126 // NVD: CVE-2008-3631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3631
value: HIGH

Trust: 1.0

NVD: CVE-2008-3631
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200809-126
value: HIGH

Trust: 0.6

VULHUB: VHN-33756
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-3631
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33756
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-33756 // JVNDB: JVNDB-2008-001689 // CNNVD: CNNVD-200809-126 // NVD: CVE-2008-3631

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-33756 // JVNDB: JVNDB-2008-001689 // NVD: CVE-2008-3631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-126

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200809-126

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001689

PATCH
title:iPhone v2.1url:http://support.apple.com/kb/HT3129
Trust: 0.8
title:iPod touch v2.1url:http://support.apple.com/kb/HT3026
Trust: 0.8
title:iPod touch v2.1url:http://support.apple.com/kb/HT3026?locale=ja_JP
Trust: 0.8
title:iPhone v2.1url:http://support.apple.com/kb/HT3129?locale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001689

EXTERNAL IDS
db:NVDid:CVE-2008-3631
Trust: 2.8
db:BIDid:31092
Trust: 2.8
db:SECUNIAid:31823
Trust: 2.6
db:SECUNIAid:31900
Trust: 2.6
db:SECTRACKid:1020846
Trust: 1.7
db:VUPENid:ADV-2008-2525
Trust: 1.7
db:VUPENid:ADV-2008-2558
Trust: 1.7
db:JVNDBid:JVNDB-2008-001689
Trust: 0.8
db:APPLEid:APPLE-SA-2008-09-12
Trust: 0.6
db:APPLEid:APPLE-SA-2008-09-09
Trust: 0.6
db:CNNVDid:CNNVD-200809-126
Trust: 0.6
db:VULHUBid:VHN-33756
Trust: 0.1
db:PACKETSTORMid:69846
Trust: 0.1
db:PACKETSTORMid:70006
Trust: 0.1
sources:
            
            
            VULHUB: VHN-33756 // 
            
            
            
            BID: 31092 // 
            
            
            
            JVNDB: JVNDB-2008-001689 // 
            
            
            
            PACKETSTORM: 69846 // 
            
            
            
            PACKETSTORM: 70006 // 
            
            
            
            CNNVD: CNNVD-200809-126 // 
            
            
            
            NVD: CVE-2008-3631

REFERENCES
url:http://www.securityfocus.com/bid/31092
Trust: 2.5
url:http://secunia.com/advisories/31823
Trust: 2.5
url:http://secunia.com/advisories/31900
Trust: 2.5
url:http://support.apple.com/kb/ht3026
Trust: 1.8
url:http://support.apple.com/kb/ht3129
Trust: 1.8
url:http://lists.apple.com/archives/security-announce//2008/sep/msg00003.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce//2008/sep/msg00004.html
Trust: 1.7
url:http://www.securitytracker.com/id?1020846
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2008/2558
Trust: 1.4
url:http://www.frsirt.com/english/advisories/2008/2525
Trust: 1.4
url:http://www.vupen.com/english/advisories/2008/2525
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/2558
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3631
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3631
Trust: 0.8
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/advisories/31823/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/
Trust: 0.1
url:http://secunia.com/advisories/30973/
Trust: 0.1
url:http://secunia.com/advisories/product/16074/
Trust: 0.1
url:http://secunia.com/advisories/30600/
Trust: 0.1
url:http://secunia.com/binary_analysis/sample_analysis/
Trust: 0.1
url:http://secunia.com/advisories/31900/
Trust: 0.1
url:http://secunia.com/advisories/product/15128/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-33756 // 
            
            
            
            BID: 31092 // 
            
            
            
            JVNDB: JVNDB-2008-001689 // 
            
            
            
            PACKETSTORM: 69846 // 
            
            
            
            PACKETSTORM: 70006 // 
            
            
            
            CNNVD: CNNVD-200809-126 // 
            
            
            
            NVD: CVE-2008-3631

CREDITS
Nicolas SeriotBryce Cogswell
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200809-126

SOURCES
db:VULHUBid:VHN-33756
db:BIDid:31092
db:JVNDBid:JVNDB-2008-001689
db:PACKETSTORMid:69846
db:PACKETSTORMid:70006
db:CNNVDid:CNNVD-200809-126
db:NVDid:CVE-2008-3631

LAST UPDATE DATE
2024-11-23T19:59:26.809000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-33756date:2011-03-08T00:00:00
db:BIDid:31092date:2009-06-09T16:59:00
db:JVNDBid:JVNDB-2008-001689date:2008-09-30T00:00:00
db:CNNVDid:CNNVD-200809-126date:2008-11-15T00:00:00
db:NVDid:CVE-2008-3631date:2024-11-21T00:49:44.140

SOURCES RELEASE DATE
db:VULHUBid:VHN-33756date:2008-09-11T00:00:00
db:BIDid:31092date:2008-09-09T00:00:00
db:JVNDBid:JVNDB-2008-001689date:2008-09-30T00:00:00
db:PACKETSTORMid:69846date:2008-09-11T04:44:10
db:PACKETSTORMid:70006date:2008-09-16T00:07:21
db:CNNVDid:CNNVD-200809-126date:2008-09-11T00:00:00
db:NVDid:CVE-2008-3631date:2008-09-11T01:13:09.930