var-200809-0572
Vulnerability from variot
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities: 1. A vulnerability that may allow users to spoof websites. 2. An information-disclosure vulnerability. 3. A remote code-execution vulnerability. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect versions prior to iPod touch 2.1 and iPhone 2.1. ----------------------------------------------------------------------
We have updated our website, enjoy! http://secunia.com/
TITLE: Apple iPod Touch Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31823
VERIFY ADVISORY: http://secunia.com/advisories/31823/
CRITICAL: Highly critical
IMPACT: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access
WHERE:
From remote
OPERATING SYSTEM: Apple iPod touch http://secunia.com/advisories/product/16074/
DESCRIPTION: Multiple vulnerabilities have been reported in Apple iPod touch, which can be exploited by malicious applications to bypass certain security features and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device. This can be exploited by one application to read another application's files.
2) Multiple errors exist in the included version of FreeType, which potentially can be exploited by malicious people to execute arbitrary code when accessing specially crafted font data.
For more information: SA30600
3) mDNSResponder does not provide sufficient randomization, which can be exploited to poison the DNS cache.
For more information: SA30973
4) Generation of predictable TCP initial sequence numbers can be exploited to spoof TCP connections or hijack sessions.
5) A use-after-free error in WebKit when handling CSS import statements can potentially be exploited to execute arbitrary code via a specially crafted website.
SOLUTION: Update to version 2.1.
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell. 3) The vendor credits Dan Kaminsky, IOActive.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3026
OTHER REFERENCES: SA30600: http://secunia.com/advisories/30600/
SA30973: http://secunia.com/advisories/30973/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
For more information: SA31823
An error in the handling of emergency calls has also been reported. This can be exploited to bypass the Passcode Lock feature and allows users with physical access to an iPhone to launch applications without the passcode
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0572",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v2.0 to v2.0.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v2.0 to v2.0.2"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.4"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.3"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ipod touch",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "iphone",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
}
],
"sources": [
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:apple:iphone",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipod_touch",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nicolas SeriotBryce Cogswell",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-3631",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-33756",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3631",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-3631",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-126",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-33756",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33756"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities:\n1. A vulnerability that may allow users to spoof websites. \n2. An information-disclosure vulnerability. \n3. A remote code-execution vulnerability. \nSuccessfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. \nThese issues affect versions prior to iPod touch 2.1 and iPhone 2.1. ----------------------------------------------------------------------\n\nWe have updated our website, enjoy!\nhttp://secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iPod Touch Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31823\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31823/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nHijacking, Security Bypass, Spoofing, Exposure of sensitive\ninformation, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple iPod touch\nhttp://secunia.com/advisories/product/16074/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iPod touch,\nwhich can be exploited by malicious applications to bypass certain\nsecurity features and by malicious people to poison the DNS cache,\nspoof TCP connections, or potentially compromise a user\u0027s device. This\ncan be exploited by one application to read another application\u0027s\nfiles. \n\n2) Multiple errors exist in the included version of FreeType, which\npotentially can be exploited by malicious people to execute arbitrary\ncode when accessing specially crafted font data. \n\nFor more information:\nSA30600\n\n3) mDNSResponder does not provide sufficient randomization, which can\nbe exploited to poison the DNS cache. \n\nFor more information:\nSA30973\n\n4) Generation of predictable TCP initial sequence numbers can be\nexploited to spoof TCP connections or hijack sessions. \n\n5) A use-after-free error in WebKit when handling CSS import\nstatements can potentially be exploited to execute arbitrary code via\na specially crafted website. \n\nSOLUTION:\nUpdate to version 2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell. \n3) The vendor credits Dan Kaminsky, IOActive. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3026\n\nOTHER REFERENCES:\nSA30600:\nhttp://secunia.com/advisories/30600/\n\nSA30973:\nhttp://secunia.com/advisories/30973/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nFor more information:\nSA31823\n\nAn error in the handling of emergency calls has also been reported. \nThis can be exploited to bypass the Passcode Lock feature and allows\nusers with physical access to an iPhone to launch applications\nwithout the passcode",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3631"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "VULHUB",
"id": "VHN-33756"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3631",
"trust": 2.8
},
{
"db": "BID",
"id": "31092",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31823",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "31900",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1020846",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2525",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2558",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689",
"trust": 0.8
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-09-12",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-09-09",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-126",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-33756",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69846",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70006",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33756"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"id": "VAR-200809-0572",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33756"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:59:26.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "iPhone v2.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3129"
},
{
"title": "iPod touch v2.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3026"
},
{
"title": "iPod touch v2.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3026?locale=ja_JP"
},
{
"title": "iPhone v2.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3129?locale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33756"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/31092"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31823"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31900"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3026"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3129"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020846"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/2558"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/2525"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3631"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3631"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31823/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30973/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/16074/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30600/"
},
{
"trust": 0.1,
"url": "http://secunia.com/binary_analysis/sample_analysis/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31900/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/15128/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33756"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33756"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-33756"
},
{
"date": "2008-09-09T00:00:00",
"db": "BID",
"id": "31092"
},
{
"date": "2008-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"date": "2008-09-11T04:44:10",
"db": "PACKETSTORM",
"id": "69846"
},
{
"date": "2008-09-16T00:07:21",
"db": "PACKETSTORM",
"id": "70006"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"date": "2008-09-11T01:13:09.930000",
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-33756"
},
{
"date": "2009-06-09T16:59:00",
"db": "BID",
"id": "31092"
},
{
"date": "2008-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001689"
},
{
"date": "2008-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-126"
},
{
"date": "2024-11-21T00:49:44.140000",
"db": "NVD",
"id": "CVE-2008-3631"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iPod touch and iPhone of Application Sandbox Vulnerable to reading arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-126"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.