Vulnerabilities > CVE-2008-3632 - Resource Management Errors vulnerability in Apple Iphone, Iphone OS and Ipod Touch
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 14 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_0_WEBKITGTK-080920.NASL description A flaw in the CSS loader of the WebKit engine could crash programs and potentially allows execution of arbitrary code (CVE-2008-3632). last seen 2020-06-01 modified 2020-06-02 plugin id 39903 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39903 title openSUSE Security Update : WebKitGtk (WebKitGtk-212) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update WebKitGtk-212. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(39903); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-3632"); script_name(english:"openSUSE Security Update : WebKitGtk (WebKitGtk-212)"); script_summary(english:"Check for the WebKitGtk-212 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "A flaw in the CSS loader of the WebKit engine could crash programs and potentially allows execution of arbitrary code (CVE-2008-3632)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=427349" ); script_set_attribute( attribute:"solution", value:"Update the affected WebKitGtk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:WebKitGtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:WebKitGtk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libWebKitGtk0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"WebKitGtk-1.0.29509-49.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"WebKitGtk-devel-1.0.29509-49.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libWebKitGtk0-1.0.29509-49.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WebKitGtk / WebKitGtk-devel / libWebKitGtk0"); }NASL family Windows NASL id SAFARI_4.0.NASL description The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39339 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39339 title Safari < 4.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(39339); script_version("1.30"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_cve_id("CVE-2006-2783", "CVE-2008-1588", "CVE-2008-2320", "CVE-2008-2321", "CVE-2008-3281", "CVE-2008-3529", "CVE-2008-3632", "CVE-2008-4225", "CVE-2008-4226", "CVE-2008-4231", "CVE-2008-4409", "CVE-2009-0040", "CVE-2009-0145", "CVE-2009-0153", "CVE-2009-0946", "CVE-2009-1179", "CVE-2009-1681", "CVE-2009-1682", "CVE-2009-1684", "CVE-2009-1685", "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689", "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1693", "CVE-2009-1694", "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702", "CVE-2009-1703", "CVE-2009-1704", "CVE-2009-1705", "CVE-2009-1706", "CVE-2009-1707", "CVE-2009-1708", "CVE-2009-1709", "CVE-2009-1710", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714", "CVE-2009-1715", "CVE-2009-1716", "CVE-2009-1718", "CVE-2009-2027", "CVE-2009-2420", "CVE-2009-2421"); script_bugtraq_id(30487, 31092, 32326, 33276, 35260, 35270, 35271, 35272, 35283, 35284, 35308, 35309, 35310, 35311, 35315, 35317, 35318, 35319, 35320, 35321, 35322, 35325, 35327, 35328, 35330, 35331, 35332, 35333, 35334, 35339, 35340, 35344, 35346, 35347, 35348, 35349, 35350, 35351, 35352, 35353, 35481, 35482); script_name(english:"Safari < 4.0 Multiple Vulnerabilities"); script_summary(english:"Checks Safari's version number"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by several vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3613"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/17079"); script_set_attribute(attribute:"solution", value:"Upgrade to Safari 4.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 94, 119, 189, 200, 255, 264, 310, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("safari_installed.nasl"); script_require_keys("SMB/Safari/FileVersion"); exit(0); } include("global_settings.inc"); path = get_kb_item("SMB/Safari/Path"); version = get_kb_item("SMB/Safari/FileVersion"); if (isnull(version)) exit(0); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( ver[0] < 4 || ( ver[0] == 4 && ( ver[1] < 530 || (ver[1] == 530 && ver[2] < 17) ) ) ) { if (report_verbosity > 0) { if (isnull(path)) path = "n/a"; prod_version = get_kb_item("SMB/Safari/ProductVersion"); if (!isnull(prod_version)) version = prod_version; report = string( "\n", "Nessus collected the following information about the current install\n", "of Safari on the remote host :\n", "\n", " Version : ", version, "\n", " Path : ", path, "\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBQTWEBKIT-DEVEL-080920.NASL description A flaw in the CSS loader of the WebKit engine could crash programs and potentially allows execution of arbitrary code (CVE-2008-3632). This update also fixes unrelated problems with printing. last seen 2020-06-01 modified 2020-06-02 plugin id 40021 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40021 title openSUSE Security Update : libQtWebKit-devel (libQtWebKit-devel-216) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libQtWebKit-devel-216. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40021); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-3632"); script_name(english:"openSUSE Security Update : libQtWebKit-devel (libQtWebKit-devel-216)"); script_summary(english:"Check for the libQtWebKit-devel-216 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "A flaw in the CSS loader of the WebKit engine could crash programs and potentially allows execution of arbitrary code (CVE-2008-3632). This update also fixes unrelated problems with printing." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=384674" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=426919" ); script_set_attribute( attribute:"solution", value:"Update the affected libQtWebKit-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt4-x11-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"libQtWebKit-devel-4.4.0-12.3") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libQtWebKit4-4.4.0-12.3") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libqt4-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libqt4-devel-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libqt4-qt3support-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libqt4-sql-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libqt4-sql-sqlite-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libqt4-x11-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"qt4-x11-tools-4.4.0-12.3") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libqt4-32bit-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libqt4-qt3support-32bit-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libqt4-sql-32bit-4.4.0-12.4") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libqt4-x11-32bit-4.4.0-12.4") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libQtWebKit-devel / libQtWebKit4 / libqt4 / libqt4-32bit / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-676-1.NASL description It was discovered that WebKit did not properly handle Cascading Style Sheets (CSS) import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37177 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37177 title Ubuntu 8.10 : webkit vulnerability (USN-676-1) NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI4_0.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39338 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39338 title Mac OS X : Apple Safari < 4.0
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 31092 CVE ID:CVE-2008-3631 CVE-2008-3612 CVE-2008-3632 CNCVE ID:CNCVE-20083631 CNCVE-20083612 CNCVE-20083632 Apple iPod Touch是一款苹果公司发布的MP4播放器。 Apple iPod Touch存在多个安全问题,远程攻击者可以利用漏洞允许用户伪造WEB站点,获得敏感信息及任意代码执行等攻击。 CVE-ID: CVE-2008-3631: 应用程序'沙盒'没有在第三方应用程序间进行正确的访问限制,允许第三方应用程序读取其他第三方应用程序'沙盒'中的文件内容。导致敏感信息泄漏。 CVE-ID: CVE-2008-3612: 可预测的TCP初始化序列号生成可导致TCP伪造或会话劫持攻击。 CVE-ID: CVE-2008-3632: 特殊构建的WEB站点可导致应用程序终止或任意代码执行攻击。 Apple iPod Touch 2.0.2 Apple iPod Touch 2.0.1 Apple iPod Touch 1.1.4 Apple iPod Touch 1.1.3 Apple iPod Touch 1.1.2 Apple iPod Touch 1.1.1 Apple iPod Touch 2.0 Apple iPod Touch 1.1 Apple iPod Touch 升级到最新版本: <a href=http://www.apple.com/ipodtouch/ target=_blank>http://www.apple.com/ipodtouch/</a> |
| id | SSV:4027 |
| last seen | 2017-11-19 |
| modified | 2008-09-11 |
| published | 2008-09-11 |
| reporter | Root |
| title | Apple iPod Touch 2.1版本之前多个远程漏洞 |
References
- http://www.securityfocus.com/bid/31092
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
- http://support.apple.com/kb/HT3129
- http://secunia.com/advisories/31900
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
- http://secunia.com/advisories/31823
- http://secunia.com/advisories/32099
- http://www.securitytracker.com/id?1020847
- http://support.apple.com/kb/HT3026
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://www.vupen.com/english/advisories/2009/1522
- http://secunia.com/advisories/35379
- http://support.apple.com/kb/HT3613
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://www.vupen.com/english/advisories/2008/2558
- http://www.vupen.com/english/advisories/2008/2525
- http://www.ubuntu.com/usn/USN-676-1
- http://secunia.com/advisories/32860