Vulnerabilities > CVE-2008-3636 - Numeric Errors vulnerability in Apple Itunes
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Peer-To-Peer File Sharing NASL id ITUNES_8_0_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 8.0. It is, therefore, affected by an integer buffer overflow vulnerability in an included third party driver. A local user can exploit this to gain system privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 34158 published 2008-09-10 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34158 title Apple iTunes < 8.0 Integer Buffer Overflow (uncredentialed check) NASL family Windows NASL id ITUNES_8_0.NASL description The version of Apple iTunes installed on the remote Windows host is older than 8.0. Such versions include a third-party driver that are affected by an integer buffer overflow that could allow a local user to gain system privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 34157 published 2008-09-10 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34157 title Apple iTunes < 8.0 Integer Buffer Overflow (credentialed check)
Oval
| accepted | 2015-06-22T04:00:46.317-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. | ||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:6035 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2008-09-17T13:25:15 | ||||||||||||||||||||||||||||||||
| title | Apple iTunes Local Privilege Escalation Vulnerability | ||||||||||||||||||||||||||||||||
| version | 15 |
Seebug
bulletinFamily exploit description CVE ID:CVE-2008-3636 CNCVE ID:CNCVE-20083636 多个Symantec产品存在漏洞,允许本地攻击者提升特权。 问题是由于第三方驱动 "GEARspiWDM.sys"在处理来自用户空间应用程序的数据时缺少输入验证错误,允许恶意用户多次调用"IoAttachDevice"而使Windows内核触发整数溢出,导致以SYSTEM权限执行任意代码。 Symantec Gear Device Driver 目前没有解决方案提供: <a href=http://www.symantec.com target=_blank>http://www.symantec.com</a> id SSV:4194 last seen 2017-11-19 modified 2008-10-13 published 2008-10-13 reporter Root title Symantec Gear Device Driver本地特权提升漏洞 bulletinFamily exploit description BUGTRAQ ID: 31089 CVE ID:CVE-2008-3636 CNCVE ID:CNCVE-20083636 Apple iTunes是一款媒体播放程序。 Apple iTunes提供的第三方驱动存在整数溢出,本地攻击者可以利用漏洞获得系统特权。 目前没有详细漏洞细节提供。 eSignal eSignal 6.0.2 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 7.4 升级到最新版本: Apple iTunes 7.4 Apple iTunes8Setup.exe <a href=https://swdlp.apple.com/cgi-bin/WebObjects/SoftwareDownloadApp.woa/140 target=_blank>https://swdlp.apple.com/cgi-bin/WebObjects/SoftwareDownloadApp.woa/140</a> 9/wo/MtdZoeP1oC9nnz5IOwriMg/2.5 Apple iTunes 6.0 Apple iTunes8Setup.exe <a href=https://swdlp.apple.com/cgi-bin/WebObjects/SoftwareDownloadApp.woa/140 target=_blank>https://swdlp.apple.com/cgi-bin/WebObjects/SoftwareDownloadApp.woa/140</a> 9/wo/MtdZoeP1oC9nnz5IOwriMg/2.5 id SSV:4029 last seen 2017-11-19 modified 2008-09-11 published 2008-09-11 reporter Root title Apple iTunes第三方驱动本地特权提升漏洞
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html
- http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html
- http://securitytracker.com/id?1020839
- http://support.apple.com/kb/HT3025
- http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf
- http://www.kb.cert.org/vuls/id/146896
- http://www.securityfocus.com/archive/1/497131/100/0/threaded
- http://www.securityfocus.com/bid/31089
- http://www.securitytracker.com/id?1020997
- http://www.securitytracker.com/id?1020998
- http://www.securitytracker.com/id?1020999
- http://www.symantec.com/avcenter/security/Content/2008.10.07a.html
- http://www.vupen.com/english/advisories/2008/2526
- http://www.vupen.com/english/advisories/2008/2769
- http://www.vupen.com/english/advisories/2008/2770
- http://www.wintercore.com/advisories/advisory_W021008.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6035