CVE-2008-3612 - The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses p

CVE-2008-3612

Summary

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

References

Vulnerable Configurations

cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-06-2011 - 04:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2008-09-09 APPLE-SA-2008-09-12
bid	31092
confirm	http://support.apple.com/kb/HT3026 http://support.apple.com/kb/HT3129
sectrack	1020848
secunia	31823 31900
vupen	ADV-2008-2525 ADV-2008-2558

Last major update

20-06-2011 - 04:00

Published

11-09-2008 - 01:13

Last modified

20-06-2011 - 04:00