Date: Tue, 2 Jun 2009 17:20:46 -0500
From: Will Drewry <redpig@...aspill.org>
To: dvlabs <dvlabs@...pingpoint.com>
Cc: FD <full-disclosure@...ts.grok.org.uk>,
	bugtraq <bugtraq@...urityfocus.com>,
	ZDI Disclosures <zdi-disclosures@...pingpoint.com>
Subject: Re: TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer 
	Overflow Vulnerabilities

Here's the (Mac) exploit module to go along with my simul-report to
Apple:  http://static.dataspill.org/releases/itunes/itms_overflow.rb

On Tue, Jun 2, 2009 at 3:27 PM, dvlabs <dvlabs@...pingpoint.com> wrote:
> TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow
> Vulnerabilities
> http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
> June 2, 2009
>
> -- CVE ID:
> CVE-2009-0950
>
> -- Affected Vendors:
> Apple
>
> -- Affected Products:
> Apple iTunes
>
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 8013.
> For further product information on the TippingPoint IPS, visit:
>
>    http://www.tippingpoint.com
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Apple iTunes. User interaction is required
> to exploit this vulnerability in that the target must visit a malicious
> page.
>
> The specific flaw exists in the URL handlers associated with iTunes.
> When processing URLs via the protocol handlers "itms", "itmss", "daap",
> "pcast", and "itpc" an exploitable stack overflow occurs. Successful
> exploitation can lead to a remote system compromise under the
> credentials of the currently logged in user.
>
> -- Vendor Response:
> Apple has issued an update to correct this vulnerability. More
> details can be found at:
>
> http://support.apple.com/kb/HT3592
>
> -- Disclosure Timeline:
> 2009-04-09 - Vulnerability reported to vendor
> 2009-06-02 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
>    * James King, TippingPoint DVLabs
>
>
