CVE-2011-3442

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://support.apple.com/kb/HT5052	Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html	Vendor Advisory
http://www.securitytracker.com/id?1026287

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
	cpe:2.3:o:apple:iphone_os:5.0:-:ipad:::::*
	cpe:2.3:o:apple:iphone_os:5.0:-:iphone:::::*
	cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
	cpe:2.3:o:apple:iphone_os:5.0:-:ipodtouch:::::*
	cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:::::*
	cpe:2.3:o:apple:iphone_os:5.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.4:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:::::*

Information

Published : 2011-11-11 10:55

Updated : 2012-02-14 20:10

NVD link : CVE-2011-3442

Mitre link : CVE-2011-3442

JSON object : View

CWE

CWE-399

Resource Management Errors

Advertisement

Products Affected

apple

iphone_os

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.apple.com/kb/HT5052", "name": "http://support.apple.com/kb/HT5052", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html", "name": "APPLE-SA-2011-11-10-1", "tags": ["Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://www.securitytracker.com/id?1026287", "name": "1026287", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3442", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-11-11T18:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:-:ipad:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:-:iphone:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:-:ipodtouch:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-02-15T04:10Z"}