Vulnerabilities > CVE-2009-2815 - Resource Management Errors vulnerability in Apple Iphone OS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
description | Bugraq ID: 36336 CVE ID:CVE-2009-2815 iPhone是一款苹果公司发布的智能手机。 iPhone处理到知通告的SMS消息存在NULL指针应用错误,发送特殊构建的SMS消息可导致服务中断,造成拒绝服务攻击。 Apple iPhone 3.0.1 Apple iPhone 2.2.1 Apple iPhone 2.0.2 Apple iPhone 2.0.1 Apple iPhone 1.1.4 Apple iPhone 1.1.3 Apple iPhone 1.1.2 Apple iPhone 1.1.1 Apple iPhone 1.0.2 Apple iPhone 1.0.1 Apple iPhone 3.0 Apple iPhone 2.2 Apple iPhone 2.1 Apple iPhone 2.0 Apple iPhone 1.1 Apple iPhone 1 用户可联系供应商获得最新程序Apple iPhone 3.1: http://www.apple.com/iphone/ |
id | SSV:12276 |
last seen | 2017-11-19 |
modified | 2009-09-11 |
published | 2009-09-11 |
reporter | Root |
title | Apple iPhone 3.1之前版本SMS消息NULL指针引用漏洞 |