Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2795

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2009-2795
Last Modified 22 Oct 2012 11:09:55
Published 10 Sep 2009 05:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-2795

Summary

Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1

  • Apple Iphone Os 1.1.0

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Iphone Os 2.1.1

  • Apple Iphone Os 2.2

  • Apple Iphone Os 2.2.1

  • Apple Iphone Os 3.0

  • Apple Iphone Os 3.0.1


References

CONFIRM - http://support.apple.com/kb/HT3860

APPLE - APPLE-SA-2009-09-09-1

SECUNIA - 36677

XF - ipod-iphone-recoverymode-bo(53183)

BID - 36341


Last Updated: 27 May 2016 10:51:45