Message-ID: <1689683728.20090723143316@Zoller.lu>
Date: Thu, 23 Jul 2009 14:33:16 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: bugtraq <bugtraq@...urityfocus.com>,
	full-disclosure <full-disclosure@...ts.grok.org.uk>,
	<info@...cl.etat.lu>, <vuln@...unia.com>, <cert@...t.org>,
	<nvd@...t.gov>, <cve@...re.org>
Subject: [GSEC-TZO-45-2009] iPhone remote code execution


Fell quite behind on this one, here it is.
___________________________________________________________________

      iPhone & iPod Touch - Remote arbitrary code execution
___________________________________________________________________


Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
WWW       : http://www.g-sec.lu/iphone-remote-code-exec.html
CVE       : CVE-2009-1698
BID       : 35318
Credit    : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller

Affected products :
- iPhone OS 1.x through 2.2.1
- iPhone OS for iPod touch 1.x through 2.2.1

I. Background
¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "

II. Description
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Calling the CSS attr() attribute with a large number leads to memory corruption; heap spraying allows execution of code.

III. Impact
¨¨¨¨¨¨¨¨¨¨¨
Arbitrary remote code execution can be achieved by creating a special website and enticing
the victim into visiting that site.

IV. Proof of concept
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
None will be released


VI. About
¨¨¨¨¨¨¨¨¨¨
G-SEC ltd. is an independent security consultancy group, founded to
address the growing need for all-round (effective) security consultancy
in Luxembourg.

By providing extensive security auditing, rigid policy design, and
implementation of cutting-edge defensive/offensive systems, G-SEC
ensures robust, thorough, and uncompromising protection for
organizations seeking enterprise-wide data security.


