Lucene search

PRIOn knowledge basePRION:CVE-2008-3434

HistoryAug 01, 2008 - 2:41 p.m.

Design/Logic Flaw

2008-08-0114:41:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CPENameOperatorVersion
ituneseq6.0.2
ituneseq4.0.1
ituneseq4.1
ituneseq4.6
ituneseq6.0
ituneseq4.7
ituneseq2.0.1
ituneseq6.0.4.2
ituneseq6.0.1
ituneseq6.0.4

Name	Operator	Version
itunes	eq	6.0.2
itunes	eq	4.0.1
itunes	eq	4.1
itunes	eq	4.6
itunes	eq	6.0
itunes	eq	4.7
itunes	eq	2.0.1
itunes	eq	6.0.4.2
itunes	eq	6.0.1
itunes	eq	6.0.4

Rows per page:

1-10 of 301

References

archives.neohapsis.com/archives/bugtraq/2008-07/0250.html

lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html

support.apple.com/kb/HT5030

www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for PRION:CVE-2008-3434