Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
BID:50643
Info
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
| Bugtraq ID: | 50643 |
| Class: | Unknown |
| CVE: |
CVE-2011-3439 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 10 2011 12:00AM |
| Updated: | Apr 13 2015 09:19PM |
| Credit: | Apple |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP4 SuSE openSUSE 11.4 SuSE openSUSE 11.3 Sun Solaris 10_x86 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop version 4 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux EUS 5.6.z server Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Oracle Enterprise Linux 4 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux FreeType FreeType 2.4.7 FreeType FreeType 2.4.5 FreeType FreeType 2.4.3 FreeType FreeType 2.4.2 FreeType FreeType 2.4 FreeType FreeType 2.3.9 FreeType FreeType 2.3.6 FreeType FreeType 2.3.5 FreeType FreeType 2.3.4 FreeType FreeType 2.3.3 FreeType FreeType 2.2.10 FreeType FreeType 2.2.1 FreeType FreeType 2.1.10 FreeType FreeType 2.1.9 FreeType FreeType 2.1.7 FreeType FreeType 2.0.9 FreeType FreeType 2.0.6 FreeType FreeType 2.3.11 FreeType FreeType 2.2 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 Avaya Voice Portal 4.1 Avaya Voice Portal 4.0 Avaya Proactive Contact 4.1.2 Avaya Proactive Contact 4.1.1 Avaya Proactive Contact 5.0 Avaya Proactive Contact 4.2.2 Avaya Proactive Contact 4.2.1 Avaya Proactive Contact 4.2 Avaya Proactive Contact 4.1 Avaya Proactive Contact 4.0.1 Avaya Proactive Contact 4.0 Avaya Messaging Storage Server 5.2.8 Avaya Messaging Storage Server 5.2.2 Avaya Messaging Storage Server 5.2 Avaya Messaging Storage Server 5.1 Avaya Messaging Storage Server 5.0 Avaya Messaging Storage Server 4.0 Avaya Message Networking 5.2.1 Avaya Message Networking 5.2.4 Avaya Message Networking 5.2.3 Avaya Message Networking 5.2.2 Avaya Message Networking 5.2 Avaya Message Networking 3.1 Avaya IQ 4.1 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IQ 4.2 Avaya IQ 4.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.1 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 |
| Not Vulnerable: |
FreeType FreeType 2.4.8 Apple iOS 5.0.1 |
Discussion
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
Apple iOS is prone to multiple memory corruption vulnerabilities.
Successfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions.
The following Apple systems are vulnerable:
iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later
iOS 3.2 through 5.0 for iPad
iOS 4.3 through 5.0 for iPad 2
Apple iOS is prone to multiple memory corruption vulnerabilities.
Successfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions.
The following Apple systems are vulnerable:
iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later
iOS 3.2 through 5.0 for iPad
iOS 4.3 through 5.0 for iPad 2
Exploit / POC
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
-
Mandriva libfreetype6-2.3.7-1.9mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-devel-2.3.7-1.9mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-static-devel-2.3.7-1.9mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/
References
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
References:
References:
- CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType (Oracle)
- FreeType changelog (FreeType)
- freetype security update (RHSA-2011-1455) (Avaya)
- iOS Homepage (Apple)
- iPad Homepage (Apple)
- iPhone Product Page (Apple)
- iPod touch Product Page (Apple)