The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html | Mailing List Vendor Advisory |
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html | Mailing List Vendor Advisory |
http://secunia.com/advisories/31823 | Broken Link Vendor Advisory |
http://secunia.com/advisories/31900 | Broken Link Vendor Advisory |
http://support.apple.com/kb/HT3026 | Vendor Advisory |
http://support.apple.com/kb/HT3129 | Vendor Advisory |
http://www.securityfocus.com/bid/31092 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1020848 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2008/2525 | Broken Link Vendor Advisory |
http://www.vupen.com/english/advisories/2008/2558 | Broken Link Vendor Advisory |
Configurations
History
14 Feb 2024, 16:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple iphone Os
|
|
CPE | cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:* cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:* cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:* cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:* cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:* |
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
References | (BID) http://www.securityfocus.com/bid/31092 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1020848 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/31823 - Broken Link, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2558 - Broken Link, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2525 - Broken Link, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html - Mailing List, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31900 - Broken Link, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html - Mailing List, Vendor Advisory | |
CWE | CWE-330 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
Information
Published : 2008-09-11 01:13
Updated : 2024-02-28 11:21
NVD link : CVE-2008-3612
Mitre link : CVE-2008-3612
CVE.ORG link : CVE-2008-3612
JSON object : View
Products Affected
apple
- iphone_os
CWE
CWE-330
Use of Insufficiently Random Values