Details of VAR-200906-0056

ID

VAR-200906-0056

CVE

CVE-2009-0959

TITLE

Apple iPhone OS of MPEG-4 Service disruption in video codecs (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-001850

DESCRIPTION

The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue.". Apple iPhone and iPod touch are prone to multiple vulnerabilities. Successfully exploiting these issues may allow attackers to bypass security restrictions, obtain sensitive information, or cause denial-of-service conditions. These issues affect the following: iPhone OS 1.0 through 2.2.1 iPhone OS for iPod touch 1.1 through 2.2.1 This BID is being retired

Trust: 2.25

sources: NVD: CVE-2009-0959 // JVNDB: JVNDB-2009-001850 // BID: 35414 // BID: 35433 // VULHUB: VHN-38405

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	ipod touch	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	1.0 to 2.2.1	Trust: 0.8
vendor:	apple	model:	ios for ipod touch	scope:	eq	version:	1.1 to 2.2.1	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.4	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.3	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.4	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.3	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	ne	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	ne	version:	3.0	Trust: 0.6

sources: BID: 35414 // BID: 35433 // JVNDB: JVNDB-2009-001850 // CNNVD: CNNVD-200906-311 // NVD: CVE-2009-0959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0959
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-0959
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200906-311
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-38405
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-0959
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38405
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38405 // JVNDB: JVNDB-2009-001850 // CNNVD: CNNVD-200906-311 // NVD: CVE-2009-0959

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-38405 // JVNDB: JVNDB-2009-001850 // NVD: CVE-2009-0959

THREAT TYPE

network

Trust: 0.6

sources: BID: 35414 // BID: 35433

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 35433 // CNNVD: CNNVD-200906-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001850

PATCH

title:	HT3639	url:	http://support.apple.com/kb/HT3639	Trust: 0.8
title:	HT3639	url:	http://support.apple.com/kb/HT3639?viewlocale=ja_JP	Trust: 0.8
title:	Apple iPhone Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203144	Trust: 0.6

sources: JVNDB: JVNDB-2009-001850 // CNNVD: CNNVD-200906-311

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0959	Trust: 2.8
db:	BID	id:	35433	Trust: 2.8
db:	OSVDB	id:	55237	Trust: 2.5
db:	VUPEN	id:	ADV-2009-1621	Trust: 2.5
db:	BID	id:	35414	Trust: 2.0
db:	XF	id:	51211	Trust: 0.8
db:	JVNDB	id:	JVNDB-2009-001850	Trust: 0.8
db:	CNNVD	id:	CNNVD-200906-311	Trust: 0.6
db:	VULHUB	id:	VHN-38405	Trust: 0.1

sources: VULHUB: VHN-38405 // BID: 35414 // BID: 35433 // JVNDB: JVNDB-2009-001850 // CNNVD: CNNVD-200906-311 // NVD: CVE-2009-0959

REFERENCES

url:	http://www.securityfocus.com/bid/35433	Trust: 2.5
url:	http://osvdb.org/55237	Trust: 2.5
url:	http://www.vupen.com/english/advisories/2009/1621	Trust: 2.5
url:	http://support.apple.com/kb/ht3639	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/35414	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/51211	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0959	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/51211	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0959	Trust: 0.8
url:	http://www.apple.com/iphone/	Trust: 0.6
url:	http://www.apple.com/ipodtouch/	Trust: 0.6

sources: VULHUB: VHN-38405 // BID: 35414 // BID: 35433 // JVNDB: JVNDB-2009-001850 // CNNVD: CNNVD-200906-311 // NVD: CVE-2009-0959

CREDITS

Oskar Lissheim-BoethiusOliver QuasChristian Schmitz

Trust: 0.6

sources: CNNVD: CNNVD-200906-311

SOURCES

db:	VULHUB	id:	VHN-38405
db:	BID	id:	35414
db:	BID	id:	35433
db:	JVNDB	id:	JVNDB-2009-001850
db:	CNNVD	id:	CNNVD-200906-311
db:	NVD	id:	CVE-2009-0959

LAST UPDATE DATE

2024-11-23T21:06:04.600000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38405	date:	2017-08-17T00:00:00
db:	BID	id:	35414	date:	2009-06-19T23:09:00
db:	BID	id:	35433	date:	2009-06-19T23:09:00
db:	JVNDB	id:	JVNDB-2009-001850	date:	2009-08-06T00:00:00
db:	CNNVD	id:	CNNVD-200906-311	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2009-0959	date:	2024-11-21T01:01:20.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38405	date:	2009-06-19T00:00:00
db:	BID	id:	35414	date:	2009-06-17T00:00:00
db:	BID	id:	35433	date:	2009-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2009-001850	date:	2009-08-06T00:00:00
db:	CNNVD	id:	CNNVD-200906-311	date:	2009-06-19T00:00:00
db:	NVD	id:	CVE-2009-0959	date:	2009-06-19T16:30:00.250