SecurityTracker.com
Category:   Application (Multimedia)  >   iTunes
Vendors:   Apple Computer
iTunes Windows Driver Integer Overflow Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1020839
SecurityTracker URL:  http://securitytracker.com/id/1020839
CVE Reference:   CVE-2008-3636
Date:  Sep 9 2008
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 8.0
Description:   A vulnerability was reported in iTunes. A local user can obtain elevated privileges on the target system.

A local user can trigger an integer overflow in a third-party driver provided with iTunes to execute arbitrary commands on the target system with system privileges.

Only Windows-based systems are affected.

Ruben Santamarta of Wintercore reported this vulnerability.

Impact:   A local user can obtain system privileges on the target system.
Solution:   The vendor has issued a fixed version (8.0), available at:

http://www.apple.com/itunes/download/

The vendor's advisory is available at:

http://support.apple.com/kb/HT1222

Vendor URL:  www.apple.com/
Cause:   Boundary error
Underlying OS:   Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Tue, 9 Sep 2008 12:31:53 -0700
Subject:  APPLE-SA-2009-09-09 iTunes 8.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2009-09-09 iTunes 8.0

iTunes 8.0 is now available and addresses the following issues:

iTunes
CVE-ID:  CVE-2008-3634
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  Firewall warning dialog in iTunes is misleading
Description:  When the firewall is configured to block iTunes Music
Sharing and the user enables iTunes Music Sharing in iTunes, a
warning dialog is displayed which incorrectly informs the user that
unblocking iTunes Music Sharing doesn't affect the firewall's
security. Allowing iTunes Music Sharing or any other service through
the firewall inherently affects security by exposing the service to
remote entities. This update addresses the issue by refining the text
in the warning dialog. This issue does not affect systems running Mac
OS X v10.5 or later. Credit info to Eric Hall of DarkArt Consulting
Services, Inc. for reporting this issue.

iTunes
CVE-ID:  CVE-2008-3636
Available for:  Windows XP or Vista
Impact:  A local user may gain system privileges
Description:  A third-party driver provided with iTunes may trigger
an integer overflow, and could allow a local user to obtain system
privileges. Credit to Ruben Santamarta of Wintercore for reporting
this issue.

iTunes 8.0 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named:  "iTunes8.dmg"
Its SHA-1 digest is:  af54727e4b2e0e6bb0c367b34ae5075f36096aef

For Windows XP / Vista:
The download file is named:  "iTunes8Setup.exe"
Its SHA-1 digest is:  5d4ff8ffbe9feeaed67deb317797c1d71a03c359

For Windows XP / Vista 64 Bit:
The download file is named:  "iTunes864Setup.exe"
Its SHA-1 digest is:  86df5d9899a8dad82b893309dc18672e3d2cccd0

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 



Copyright 2014, SecurityGlobal.net LLC