CVE-2010-2973

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.exploit-db.com/exploits/14538	Exploit
http://www.securityfocus.com/bid/42151
http://osvdb.org/66827
http://secunia.com/advisories/40807	Vendor Advisory
http://support.apple.com/kb/HT4292
http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
http://support.apple.com/kb/HT4291

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:4.0:-:iphone:::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:::::*
	cpe:2.3:o:apple:iphone_os:4.0:::::::*

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:::::::*

cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:::::*
	cpe:2.3:o:apple:iphone_os:4.0:::::::*

cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*

Information

Published : 2010-08-05 11:17

Updated : 2022-08-09 06:49

NVD link : CVE-2010-2973

Mitre link : CVE-2010-2973

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

apple

iphone_os
ipod_touch
ipad

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.exploit-db.com/exploits/14538", "name": "14538", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/42151", "name": "42151", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/66827", "name": "66827", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/40807", "name": "40807", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://support.apple.com/kb/HT4292", "name": "http://support.apple.com/kb/HT4292", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html", "name": "APPLE-SA-2010-08-11-2", "tags": [], "refsource": "APPLE"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html", "name": "APPLE-SA-2010-08-11-1", "tags": [], "refsource": "APPLE"}, {"url": "http://support.apple.com/kb/HT4291", "name": "http://support.apple.com/kb/HT4291", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2973", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-08-05T18:17Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-09T13:49Z"}

6.9 /10