Details of VAR-200809-0206

ID

VAR-200809-0206

CVE

CVE-2008-3634

TITLE

Apple Mac OS X upper Apple iTunes Issue with incorrect information displayed on the firewall

Trust: 0.8

sources: JVNDB: JVNDB-2008-001678

DESCRIPTION

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. This issue may lead to a false sense of security, potentially aiding in network-based attacks. Versions prior to Apple iTunes 8.0 are vulnerable to this issue

Trust: 1.98

sources: NVD: CVE-2008-3634 // JVNDB: JVNDB-2008-001678 // BID: 31090 // VULHUB: VHN-33759

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.72	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1.30	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	8.0	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.11	Trust: 0.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.11	Trust: 0.6
vendor:	esignal	model:	esignal	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	8.0	Trust: 0.3

sources: BID: 31090 // JVNDB: JVNDB-2008-001678 // CNNVD: CNNVD-200809-128 // NVD: CVE-2008-3634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3634
value:	LOW
Trust: 1.0
NVD:	CVE-2008-3634
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200809-128
value:	LOW
Trust: 0.6
VULHUB:	VHN-33759
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2008-3634
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-33759
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-33759 // JVNDB: JVNDB-2008-001678 // CNNVD: CNNVD-200809-128 // NVD: CVE-2008-3634

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-33759 // JVNDB: JVNDB-2008-001678 // NVD: CVE-2008-3634

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-128

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200809-128

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001678

PATCH

title:	iTunes 8.0	url:	http://support.apple.com/kb/HT3025	Trust: 0.8
title:	iTunes 8.0	url:	http://support.apple.com/kb/HT3025?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2008-001678

EXTERNAL IDS

db:	BID	id:	31090	Trust: 2.8
db:	NVD	id:	CVE-2008-3634	Trust: 2.8
db:	SECTRACK	id:	1020840	Trust: 2.5
db:	JVNDB	id:	JVNDB-2008-001678	Trust: 0.8
db:	APPLE	id:	APPLE-SA-2009-09-09	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-128	Trust: 0.6
db:	VULHUB	id:	VHN-33759	Trust: 0.1

sources: VULHUB: VHN-33759 // BID: 31090 // JVNDB: JVNDB-2008-001678 // CNNVD: CNNVD-200809-128 // NVD: CVE-2008-3634

REFERENCES

url:	http://www.securityfocus.com/bid/31090	Trust: 2.5
url:	http://securitytracker.com/id?1020840	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce//2008/sep/msg00001.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3634	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3634	Trust: 0.8
url:	http://www.apple.com/itunes/	Trust: 0.3

sources: VULHUB: VHN-33759 // BID: 31090 // JVNDB: JVNDB-2008-001678 // CNNVD: CNNVD-200809-128 // NVD: CVE-2008-3634

CREDITS

Eric Hall

Trust: 0.6

sources: CNNVD: CNNVD-200809-128

SOURCES

db:	VULHUB	id:	VHN-33759
db:	BID	id:	31090
db:	JVNDB	id:	JVNDB-2008-001678
db:	CNNVD	id:	CNNVD-200809-128
db:	NVD	id:	CVE-2008-3634

LAST UPDATE DATE

2025-04-10T22:29:02.477000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-33759	date:	2008-09-11T00:00:00
db:	BID	id:	31090	date:	2008-09-09T23:20:00
db:	JVNDB	id:	JVNDB-2008-001678	date:	2008-09-29T00:00:00
db:	CNNVD	id:	CNNVD-200809-128	date:	2008-09-11T00:00:00
db:	NVD	id:	CVE-2008-3634	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-33759	date:	2008-09-11T00:00:00
db:	BID	id:	31090	date:	2008-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2008-001678	date:	2008-09-29T00:00:00
db:	CNNVD	id:	CNNVD-200809-128	date:	2008-09-11T00:00:00
db:	NVD	id:	CVE-2008-3634	date:	2008-09-11T01:13:09.977