Details of VAR-201006-0329

ID

VAR-201006-0329

CVE

CVE-2010-1756

TITLE

Apple iOS Vulnerabilities that allow users to track users in the settings application

Trust: 0.8

sources: JVNDB: JVNDB-2010-001680

DESCRIPTION

The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. This may lead to a false sense of security, which may aid in further attacks. NOTE: This BID was previously covered in BID 41016 (Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad

Trust: 2.25

sources: NVD: CVE-2010-1756 // JVNDB: JVNDB-2010-001680 // BID: 41016 // BID: 41048 // VULHUB: VHN-44361

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	4.0	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	2.0 to 3.1.3	Trust: 0.8
vendor:	apple	model:	ios for ipod touch	scope:	eq	version:	2.1 to 3.1.3	Trust: 0.8
vendor:	apple	model:	iphone	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.6
vendor:	apple	model:	ios	scope:	ne	version:	4	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 0.6

sources: BID: 41016 // BID: 41048 // JVNDB: JVNDB-2010-001680 // CNNVD: CNNVD-201006-366 // NVD: CVE-2010-1756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1756
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1756
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-366
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44361
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1756
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-44361
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44361 // JVNDB: JVNDB-2010-001680 // CNNVD: CNNVD-201006-366 // NVD: CVE-2010-1756

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2010-001680 // NVD: CVE-2010-1756

THREAT TYPE

network

Trust: 0.6

sources: BID: 41016 // BID: 41048

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201006-366

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001680

PATCH

title:	HT4225	url:	http://support.apple.com/kb/HT4225	Trust: 0.8
title:	HT4225	url:	http://support.apple.com/kb/HT4225?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001680

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1756	Trust: 2.8
db:	BID	id:	41016	Trust: 2.0
db:	JVNDB	id:	JVNDB-2010-001680	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-366	Trust: 0.7
db:	BID	id:	41048	Trust: 0.4
db:	VULHUB	id:	VHN-44361	Trust: 0.1

sources: VULHUB: VHN-44361 // BID: 41016 // BID: 41048 // JVNDB: JVNDB-2010-001680 // CNNVD: CNNVD-201006-366 // NVD: CVE-2010-1756

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/41016	Trust: 1.7
url:	http://support.apple.com/kb/ht4225	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1756	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1756	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.6
url:	http://www.apple.com/iphone/	Trust: 0.6
url:	http://www.apple.com/ipodtouch/	Trust: 0.6

sources: VULHUB: VHN-44361 // BID: 41016 // BID: 41048 // JVNDB: JVNDB-2010-001680 // CNNVD: CNNVD-201006-366 // NVD: CVE-2010-1756

CREDITS

Zac White; Laurent OUDOT of TEHTRI-Security; Ladd Van Tol of Critical Path Software; Apple; Jason Dent of Street Side Software; Sidney San Martin of DeepTech, Inc.; Wilfried Teiken; Darin Fisher of Google Inc.; Wayne Pan of AdMob, Inc.; wushi of team509.

Trust: 0.3

sources: BID: 41016

SOURCES

db:	VULHUB	id:	VHN-44361
db:	BID	id:	41016
db:	BID	id:	41048
db:	JVNDB	id:	JVNDB-2010-001680
db:	CNNVD	id:	CNNVD-201006-366
db:	NVD	id:	CVE-2010-1756

LAST UPDATE DATE

2024-11-23T19:35:58.243000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44361	date:	2018-11-14T00:00:00
db:	BID	id:	41016	date:	2010-06-23T16:08:00
db:	BID	id:	41048	date:	2010-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2010-001680	date:	2010-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201006-366	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2010-1756	date:	2024-11-21T01:15:08.010

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44361	date:	2010-06-22T00:00:00
db:	BID	id:	41016	date:	2010-06-21T00:00:00
db:	BID	id:	41048	date:	2010-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2010-001680	date:	2010-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201006-366	date:	2010-06-24T00:00:00
db:	NVD	id:	CVE-2010-1756	date:	2010-06-22T20:30:01.663