CVE-2010-2973

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
http://osvdb.org/66827
http://secunia.com/advisories/40807	Vendor Advisory
http://support.apple.com/kb/HT4291
http://support.apple.com/kb/HT4292
http://www.exploit-db.com/exploits/14538	Exploit
http://www.securityfocus.com/bid/42151

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:-:iphone:::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:::::*

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*

cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:::::*

cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-08-05 18:17

Updated : 2024-02-28 11:41

NVD link : CVE-2010-2973

Mitre link : CVE-2010-2973

CVE.ORG link : CVE-2010-2973

JSON object : View

Products Affected

apple

ipod_touch
ipad
iphone_os

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-2973", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-05T18:17:58.197", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/66827", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/40807", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT4291", "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT4292", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/14538", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/42151", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe."}, {"lang": "es", "value": "Un desbordamiento de enteros en IOSurface en Apple iOS anterior a versi\u00f3n 4.0.2 en el iPhone y iPod touch, y anterior a versi\u00f3n 3.2.2 en la iPad, permite a los usuarios locales alcanzar privilegios por medio de vectores que involucran las propiedades de IOSurface, como es demostrado por JailbreakMe."}], "lastModified": "2022-08-09T13:49:00.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "954CDDCB-AC22-448D-8ECA-CFA4DBA1BC27"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECE983F6-A597-4581-A254-80396B54F2D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BAADE29A-712B-4AD5-A78B-6AD537BA9196"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54FECD66-4216-43FC-9959-B8EA9545449C"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "586C0CB3-98E5-4CB3-8F23-27F01233D6C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1"}], "operator": "OR"}], "operator": "AND"}], "evaluatorImpact": "Per: http://xforce.iss.net/xforce/xfdb/60856\r\n\r\n'Platforms Affected:\r\n\r\n * Apple iPhone OS 4.0 iPodtouch\r\n * Apple iPhone OS 4.0\r\n * Apple iPhone OS 4.0.1 iPodtouch\r\n * Apple iPhone OS 4.0.1 '\r\n\r\n\r\nPer: http://www.securityfocus.com/bid/42151/discuss\r\n\r\n'versions 4.0.1 and prior are vulnerable.'", "sourceIdentifier": "cve@mitre.org"}