Details of VAR-201008-0250

ID

VAR-201008-0250

CVE

CVE-2010-1768

TITLE

Apple iTunes Vulnerabilities in which console privileges can be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-004049

DESCRIPTION

Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. Apple iTunes is prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with superuser privileges. Versions prior to Apple iTunes 9.1 on Apple Mac OS X are vulnerable. iTunes is an Apple player software for iPod and mp3 files

Trust: 1.98

sources: NVD: CVE-2010-1768 // JVNDB: JVNDB-2010-004049 // BID: 42538 // VULHUB: VHN-44373

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 1.9
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	8.2.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	8.1.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	9.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	9.1	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	9.1	Trust: 0.3

sources: BID: 42538 // JVNDB: JVNDB-2010-004049 // CNNVD: CNNVD-201008-214 // NVD: CVE-2010-1768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1768
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1768
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201008-214
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44373
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1768
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-44373
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44373 // JVNDB: JVNDB-2010-004049 // CNNVD: CNNVD-201008-214 // NVD: CVE-2010-1768

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-1768

THREAT TYPE

local

Trust: 0.9

sources: BID: 42538 // CNNVD: CNNVD-201008-214

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201008-214

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004049

PATCH

title:

HT4105

url:

http://support.apple.com/kb/HT4105

Trust: 0.8

sources: JVNDB: JVNDB-2010-004049

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1768	Trust: 2.8
db:	BID	id:	42538	Trust: 2.0
db:	JVNDB	id:	JVNDB-2010-004049	Trust: 0.8
db:	CNNVD	id:	CNNVD-201008-214	Trust: 0.7
db:	XF	id:	61222	Trust: 0.6
db:	VULHUB	id:	VHN-44373	Trust: 0.1

sources: VULHUB: VHN-44373 // BID: 42538 // JVNDB: JVNDB-2010-004049 // CNNVD: CNNVD-201008-214 // NVD: CVE-2010-1768

REFERENCES

url:	http://support.apple.com/kb/ht4105	Trust: 2.0
url:	http://www.securityfocus.com/bid/42538	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7604	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/61222	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1768	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1768	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/61222	Trust: 0.6
url:	http://www.apple.com/itunes/	Trust: 0.3

sources: VULHUB: VHN-44373 // BID: 42538 // JVNDB: JVNDB-2010-004049 // CNNVD: CNNVD-201008-214 // NVD: CVE-2010-1768

CREDITS

Jon Passki, and Nicolas Seriot of HEIG-VD

Trust: 0.3

sources: BID: 42538

SOURCES

db:	VULHUB	id:	VHN-44373
db:	BID	id:	42538
db:	JVNDB	id:	JVNDB-2010-004049
db:	CNNVD	id:	CNNVD-201008-214
db:	NVD	id:	CVE-2010-1768

LAST UPDATE DATE

2024-11-23T23:06:34.493000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44373	date:	2017-09-19T00:00:00
db:	BID	id:	42538	date:	2010-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2010-004049	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201008-214	date:	2010-08-24T00:00:00
db:	NVD	id:	CVE-2010-1768	date:	2024-11-21T01:15:09.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44373	date:	2010-08-20T00:00:00
db:	BID	id:	42538	date:	2010-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2010-004049	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201008-214	date:	2010-08-24T00:00:00
db:	NVD	id:	CVE-2010-1768	date:	2010-08-20T20:00:01.170