Lucene search

MitreCVE-2008-4229

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-4229

2008-11-2523:30:00

CWE-362

mitre

web.nvd.nist.gov

cve-2008-4229

race condition

passcode lock

apple iphone

ipod touch

security vulnerability

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

26.7%

JSON

Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.

Affected configurations

Nvd

Node

appleipod_touch

appleiphone_os

AND

appleiphone_osMatch1.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

VendorProductVersionCPE
appleipod_touch*cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleiphone_os1.0cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*
appleiphone_os1.0.1cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
appleiphone_os1.0.2cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
appleiphone_os1.1cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*
appleiphone_os1.1.1cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
appleiphone_os1.1.2cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
appleiphone_os1.1.3cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
appleiphone_os1.1.4cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipod_touch	*	cpe:2.3:h:apple:ipod_touch::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	iphone_os	1.0	cpe:2.3:o:apple:iphone_os:1.0:::::::*
apple	iphone_os	1.0.1	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
apple	iphone_os	1.0.2	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
apple	iphone_os	1.1	cpe:2.3:o:apple:iphone_os:1.1:::::::*
apple	iphone_os	1.1.1	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
apple	iphone_os	1.1.2	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
apple	iphone_os	1.1.3	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
apple	iphone_os	1.1.4	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*

Rows per page:

1-10 of 151

References

lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

osvdb.org/50026

secunia.com/advisories/32756

support.apple.com/kb/HT3318

www.securityfocus.com/bid/32394

www.securitytracker.com/id?1021271

www.vupen.com/english/advisories/2008/3232

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

26.7%

JSON

Related for CVE-2008-4229