Details of VAR-201705-3986

ID

VAR-201705-3986

CVE

CVE-2017-6982

TITLE

Apple iOS Service disruption in other notification components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003790

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. Apple OS X The notification component has a service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operations through a specially crafted application by an attacker (DoS) There is a possibility of being put into a state. Apple iOS is prone to security-bypass and denial-of-service vulnerabilities. Attackers can exploit these issues to perform man-in-the-middle attacks and impersonate trusted servers or cause denial-of-service conditions. A rejection vulnerability exists in the Notifications component of Apple iOS prior to 10.3.2

Trust: 1.98

sources: NVD: CVE-2017-6982 // JVNDB: JVNDB-2017-003790 // BID: 98479 // VULHUB: VHN-115185

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (ipad first 4 generation or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3.2	Trust: 0.3

sources: BID: 98479 // JVNDB: JVNDB-2017-003790 // CNNVD: CNNVD-201705-782 // NVD: CVE-2017-6982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6982
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6982
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201705-782
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115185
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6982
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115185
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6982
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115185 // JVNDB: JVNDB-2017-003790 // CNNVD: CNNVD-201705-782 // NVD: CVE-2017-6982

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-115185 // JVNDB: JVNDB-2017-003790 // NVD: CVE-2017-6982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-782

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-782

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003790

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115185

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207798	url:	https://support.apple.com/en-us/HT207798	Trust: 0.8
title:	HT207798	url:	https://support.apple.com/ja-jp/HT207798	Trust: 0.8
title:	Apple iOS Notifications Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70351	Trust: 0.6

sources: JVNDB: JVNDB-2017-003790 // CNNVD: CNNVD-201705-782

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6982	Trust: 2.8
db:	SECTRACK	id:	1038485	Trust: 1.7
db:	BID	id:	98479	Trust: 1.4
db:	EXPLOIT-DB	id:	42014	Trust: 1.1
db:	JVN	id:	JVNVU98089541	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003790	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-782	Trust: 0.7
db:	PACKETSTORM	id:	142571	Trust: 0.1
db:	VULHUB	id:	VHN-115185	Trust: 0.1

sources: VULHUB: VHN-115185 // BID: 98479 // JVNDB: JVNDB-2017-003790 // CNNVD: CNNVD-201705-782 // NVD: CVE-2017-6982

REFERENCES

url:	https://support.apple.com/ht207798	Trust: 1.7
url:	http://www.securityfocus.com/bid/98479	Trust: 1.1
url:	https://www.exploit-db.com/exploits/42014/	Trust: 1.1
url:	http://www.securitytracker.com/id/1038485	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6982	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98089541/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6982	Trust: 0.8
url:	http://securitytracker.com/id/1038485	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3

sources: VULHUB: VHN-115185 // BID: 98479 // JVNDB: JVNDB-2017-003790 // CNNVD: CNNVD-201705-782 // NVD: CVE-2017-6982

CREDITS

Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), Joseph Shenton of CoffeeBreakers and Andrew Jerman

Trust: 0.3

sources: BID: 98479

SOURCES

db:	VULHUB	id:	VHN-115185
db:	BID	id:	98479
db:	JVNDB	id:	JVNDB-2017-003790
db:	CNNVD	id:	CNNVD-201705-782
db:	NVD	id:	CVE-2017-6982

LAST UPDATE DATE

2024-11-23T19:47:54.905000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115185	date:	2017-08-13T00:00:00
db:	BID	id:	98479	date:	2017-05-23T16:27:00
db:	JVNDB	id:	JVNDB-2017-003790	date:	2017-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201705-782	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-6982	date:	2024-11-21T03:30:54.997

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115185	date:	2017-05-22T00:00:00
db:	BID	id:	98479	date:	2017-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-003790	date:	2017-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201705-782	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2017-6982	date:	2017-05-22T05:29:02.833