Apple iTunes Misleading Firewall Warning Weakness
BID:31090
Info
Apple iTunes Misleading Firewall Warning Weakness
| Bugtraq ID: | 31090 |
| Class: | Design Error |
| CVE: |
CVE-2008-3634 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 09 2008 12:00AM |
| Updated: | Sep 09 2008 11:20PM |
| Credit: | Eric Hall of DarkArt Consulting Services, Inc. |
| Vulnerable: |
eSignal eSignal 6.0.2 Apple Mac OS X Server 10.4.11 Apple Mac OS X 10.4.11 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 5.0 Apple iTunes 4.8 Apple iTunes 4.7.1 Apple iTunes 4.7 Apple iTunes 4.6 Apple iTunes 4.5 Apple iTunes 4.2 .72 Apple iTunes 7.4 |
| Not Vulnerable: |
Apple iTunes 8.0 |
Discussion
Apple iTunes Misleading Firewall Warning Weakness
Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users.
This issue may lead to a false sense of security, potentially aiding in network-based attacks.
Versions prior to Apple iTunes 8.0 are vulnerable to this issue.
Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users.
This issue may lead to a false sense of security, potentially aiding in network-based attacks.
Versions prior to Apple iTunes 8.0 are vulnerable to this issue.
Exploit / POC
Apple iTunes Misleading Firewall Warning Weakness
Exploiting this issue does not require specific exploit code, but any vulnerability that this issue exposes may require exploit code.
Exploiting this issue does not require specific exploit code, but any vulnerability that this issue exposes may require exploit code.
Solution / Fix
Apple iTunes Misleading Firewall Warning Weakness
Solution:
Apple has released an advisory along with fixes. Please see the references for more information.
Apple iTunes 7.4
Apple iTunes 4.2 .72
Apple iTunes 4.5
Apple iTunes 4.6
Apple iTunes 4.7
Apple iTunes 4.7.1
Apple iTunes 4.8
Apple iTunes 5.0
Apple iTunes 6.0
Apple iTunes 6.0.1
eSignal eSignal 6.0.2
Apple iTunes 6.0.3
Apple iTunes 6.0.4
Apple iTunes 6.0.5
Apple iTunes 7.0.2
Apple iTunes 7.3
Apple iTunes 7.3.1
Apple iTunes 7.3.2
Solution:
Apple has released an advisory along with fixes. Please see the references for more information.
Apple iTunes 7.4
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 4.2 .72
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 4.5
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 4.6
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 4.7
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 4.7.1
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 4.8
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 5.0
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 6.0
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 6.0.1
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
eSignal eSignal 6.0.2
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 6.0.3
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 6.0.4
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 6.0.5
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 7.0.2
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 7.3
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 7.3.1
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/
Apple iTunes 7.3.2
-
Apple iTunes8.dmg
http://www.apple.com/itunes/download/