Details of VAR-201209-0368

ID

VAR-201209-0368

CVE

CVE-2012-3729

TITLE

Apple iOS Vulnerabilities in which important information is obtained in the kernel

Trust: 0.8

sources: JVNDB: JVNDB-2012-004536

DESCRIPTION

The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to an information-disclosure vulnerability. An attacker can exploit this issue to view content from the kernel memory. This may allow the attacker to obtain sensitive information or aid in further attacks. Note: This issue was previously discussed in BID 55612 (Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The vulnerability stems from accessing uninitialized memory locations

Trust: 1.98

sources: NVD: CVE-2012-3729 // JVNDB: JVNDB-2012-004536 // BID: 56272 // VULHUB: VHN-57010

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 56272 // JVNDB: JVNDB-2012-004536 // CNNVD: CNNVD-201209-450 // NVD: CVE-2012-3729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3729
value:	LOW
Trust: 1.0
NVD:	CVE-2012-3729
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201209-450
value:	LOW
Trust: 0.6
VULHUB:	VHN-57010
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-3729
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57010
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57010 // JVNDB: JVNDB-2012-004536 // CNNVD: CNNVD-201209-450 // NVD: CVE-2012-3729

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-57010 // JVNDB: JVNDB-2012-004536 // NVD: CVE-2012-3729

THREAT TYPE

local

Trust: 0.9

sources: BID: 56272 // CNNVD: CNNVD-201209-450

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201209-450

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004536

PATCH

title:	APPLE-SA-2012-09-19-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004536

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3729	Trust: 2.8
db:	OSVDB	id:	85627	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004536	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-450	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-09-19-1	Trust: 0.6
db:	BID	id:	56272	Trust: 0.4
db:	VULHUB	id:	VHN-57010	Trust: 0.1

sources: VULHUB: VHN-57010 // BID: 56272 // JVNDB: JVNDB-2012-004536 // CNNVD: CNNVD-201209-450 // NVD: CVE-2012-3729

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5503	Trust: 1.7
url:	http://osvdb.org/85627	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78724	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3729	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3729	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-57010 // BID: 56272 // JVNDB: JVNDB-2012-004536 // CNNVD: CNNVD-201209-450 // NVD: CVE-2012-3729

CREDITS

Dan Rosenberg

Trust: 0.3

sources: BID: 56272

SOURCES

db:	VULHUB	id:	VHN-57010
db:	BID	id:	56272
db:	JVNDB	id:	JVNDB-2012-004536
db:	CNNVD	id:	CNNVD-201209-450
db:	NVD	id:	CVE-2012-3729

LAST UPDATE DATE

2025-04-11T22:25:11.654000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57010	date:	2017-08-29T00:00:00
db:	BID	id:	56272	date:	2015-03-19T09:16:00
db:	JVNDB	id:	JVNDB-2012-004536	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-450	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3729	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57010	date:	2012-09-20T00:00:00
db:	BID	id:	56272	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004536	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-450	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3729	date:	2012-09-20T21:55:03.423