The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
References
Configurations
History
21 Nov 2024, 00:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html - Mailing List, Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html - Mailing List, Vendor Advisory | |
References | () http://secunia.com/advisories/31823 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/31900 - Broken Link, Vendor Advisory | |
References | () http://support.apple.com/kb/HT3026 - Vendor Advisory | |
References | () http://support.apple.com/kb/HT3129 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/31092 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1020848 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2008/2525 - Broken Link, Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2008/2558 - Broken Link, Vendor Advisory |
14 Feb 2024, 16:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple iphone Os
|
|
CPE | cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:* cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:* cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:* cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:* cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:* |
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
References | (BID) http://www.securityfocus.com/bid/31092 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1020848 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/31823 - Broken Link, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2558 - Broken Link, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2525 - Broken Link, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html - Mailing List, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31900 - Broken Link, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html - Mailing List, Vendor Advisory | |
CWE | CWE-330 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
Information
Published : 2008-09-11 01:13
Updated : 2024-11-21 00:49
NVD link : CVE-2008-3612
Mitre link : CVE-2008-3612
CVE.ORG link : CVE-2008-3612
JSON object : View
Products Affected
apple
- iphone_os
CWE
CWE-330
Use of Insufficiently Random Values