ID

VAR-201103-0084


CVE

CVE-2011-1418


TITLE

User tracking vulnerability in the stateless address autoconfiguration function of Apple iOS and Apple TV

Trust: 0.8

sources: JVNDB: JVNDB-2011-004384

DESCRIPTION

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. Multiple Apple products are prone to a security weakness. An attacker-controlled server may exploit this issue to track specific devices or users across connections. This can aid attackers in launching further attacks. This issue is fixed in the following versions: Apple TV 4.2 and Apple iOS 4.3.

Trust: 1.98

sources: NVD: CVE-2011-1418 // JVNDB: JVNDB-2011-004384 // BID: 46944 // VULHUB: VHN-49363

AFFECTED PRODUCTS

vendor: apple, model: tv, scope: eq, version: 4.0

Trust: 1.9

vendor: apple, model: iphone os, scope: eq, version: 4.0.2

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 2.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.0.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.1.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.1.5

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.1.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.0

Trust: 1.0

vendor: apple, model: iphone os, scope: lte, version: 4.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.1.2

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 2.1.0

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 2.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.2.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.1.3

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.1

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 2.0.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.1.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.2

Trust: 1.0

vendor: apple, model: tvos, scope: lte, version: 3.0.2

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 1.0.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.1.3

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.2

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 1.1.0

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 2.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.1.4

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.2.1

Trust: 1.0

vendor: apple, model: tv, scope: eq, version: 4.1

Trust: 0.9

vendor: apple, model: tv, scope: lt, version: 4.2

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 4.3

Trust: 0.8

vendor: apple, model: tv, scope: eq, version: 2.0.1

Trust: 0.6

vendor: apple, model: tv, scope: eq, version: 1.1.0

Trust: 0.6

vendor: apple, model: tv, scope: eq, version: 2.1.0

Trust: 0.6

vendor: apple, model: tv, scope: eq, version: 2.0.2

Trust: 0.6

vendor: apple, model: tv, scope: eq, version: 1.0.0

Trust: 0.6

vendor: apple, model: tv, scope: eq, version: 2.0.0

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios beta, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.3

vendor: apple, model: ios, scope: ne, version: 4.3

Trust: 0.3

vendor: apple, model: tv, scope: ne, version: 4.2

Trust: 0.3

sources: BID: 46944 // JVNDB: JVNDB-2011-004384 // CNNVD: CNNVD-201103-193 // NVD: CVE-2011-1418

CVSS

SEVERITY

nvd@nist.gov: CVE-2011-1418
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-1418
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201103-193
value: MEDIUM

Trust: 0.6

VULHUB: VHN-49363
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2011-1418
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-49363
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-49363 // JVNDB: JVNDB-2011-004384 // CNNVD: CNNVD-201103-193 // NVD: CVE-2011-1418

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-49363 // JVNDB: JVNDB-2011-004384 // NVD: CVE-2011-1418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201103-193

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201103-193

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004384

PATCH

title: HT4565, url: http://support.apple.com/kb/HT4565

Trust: 0.8

title: HT4564, url: http://support.apple.com/kb/HT4564

Trust: 0.8

title: Apple iOS and TV IPv6 Network to achieve stateless address auto-configuration function user tracking vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90713

Trust: 0.6

sources: JVNDB: JVNDB-2011-004384 // CNNVD: CNNVD-201103-193

EXTERNAL IDS

db: NVD, id: CVE-2011-1418

Trust: 2.8

db: JVNDB, id: JVNDB-2011-004384

Trust: 0.8

db: CNNVD, id: CNNVD-201103-193

Trust: 0.7

db: BID, id: 46944

Trust: 0.4

db: VULHUB, id: VHN-49363

Trust: 0.1

sources: VULHUB: VHN-49363 // BID: 46944 // JVNDB: JVNDB-2011-004384 // CNNVD: CNNVD-201103-193 // NVD: CVE-2011-1418

REFERENCES

url:http://lists.apple.com/archives/security-announce/2011//mar/msg00003.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2011//mar/msg00005.html

Trust: 1.7

url:http://support.apple.com/kb/ht4564

Trust: 1.7

url:http://support.apple.com/kb/ht4565

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1418

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1418

Trust: 0.8

url:http://www.apple.com/appletv/features.html

Trust: 0.3

url:http://www.apple.com/iphone/softwareupdate/

Trust: 0.3

sources: VULHUB: VHN-49363 // BID: 46944 // JVNDB: JVNDB-2011-004384 // CNNVD: CNNVD-201103-193 // NVD: CVE-2011-1418

CREDITS

Apple

Trust: 0.3

sources: BID: 46944

SOURCES

db: VULHUB, id: VHN-49363
db: BID, id: 46944
db: JVNDB, id: JVNDB-2011-004384
db: CNNVD, id: CNNVD-201103-193
db: NVD, id: CVE-2011-1418

LAST UPDATE DATE

2024-11-23T22:23:31.917000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-49363, date: 2019-03-08T00:00:00
db: BID, id: 46944, date: 2015-03-19T08:50:00
db: JVNDB, id: JVNDB-2011-004384, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201103-193, date: 2019-03-13T00:00:00
db: NVD, id: CVE-2011-1418, date: 2024-11-21T01:26:16.070

SOURCES RELEASE DATE

db: VULHUB, id: VHN-49363, date: 2011-03-11T00:00:00
db: BID, id: 46944, date: 2011-03-09T00:00:00
db: JVNDB, id: JVNDB-2011-004384, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201103-193, date: 2011-03-14T00:00:00
db: NVD, id: CVE-2011-1418, date: 2011-03-11T22:55:05.807