CVE-2011-3441 - Information Leak / Disclosure vulnerability in Apple Iphone OS

Publication

2011-11-11

Last modification

2012-02-04

Summary

libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.

Description

Apple iOS is prone to an information-disclosure vulnerability that affects the Libinfo component. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

The following Apple systems are vulnerable:

  • iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S
  • iOS 3.1 through 5.0 for iPod touch (3rd generation) and later
  • iOS 3.2 through 5.0 for iPad
  • iOS 4.3 through 5.0 for iPad

Solution

Vendor updates are available. Please see the references for more information.

  • Apple Mac Os X Server 10.7.2: Apple MacOSXServerUpd10.7.3.dmg, for OS X Lion Server v10.7.2, http://www.apple.com/support/downloads/
  • Apple Mac Os X 10.7.1: Apple MacOSXUpdCombo10.7.3.dmg, for OS X Lion v10.7 and v10.7.1, http://www.apple.com/support/downloads/
  • Apple Mac Os X 10.7.2: Apple MacOSXUpd10.7.3.dmg, for OS X Lion v10.7.2, http://www.apple.com/support/downloads/
  • Apple Mac Os X Server 10.7: Apple MacOSXServerUpdCombo10.7.3.dmg, for OS X Lion Server v10.7 and v10.7.1, http://www.apple.com/support/downloads/
  • Apple Mac Os X Server 10.7.1: Apple MacOSXServerUpdCombo10.7.3.dmg, for OS X Lion Server v10.7 and v10.7.1, http://www.apple.com/support/downloads/

Exploit

An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted site.

Classification

CWE-200 - Information Leak / Disclosure

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:N/A:N)

Medium

4.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • None

Affected Products

Vendor: Apple
Product: Iphone OS
Versions: 4.2.9, 3.1.2, 3.0, 2.0.2, 4.1, 1.0, 3.2, 1.0.1, 3.0.1, 2.2, 2.1.1, 2.0.1, 1.1, 4.2.5, 2.2.1, 4.3.0, 3.1.3, 4.3.1, 3.1, 5.0, 1.1.4, 1.1.1, 4.0.1, 4.2.8, 1.0.2, 4.2, 4.3.3, 2.0, 4.3.5, 1.1.0, 3.2.1, 4.2.1, 4.3.4, 3.2.2, 1.1.3, 4.3.2, 4.0.2, 2.1, 4.0, 2.0.0, 1.1.5, 1.1.2, 1.0.0