Vulnerability-Lookup

CVE-2008-3434 (GCVE-0-2008-3434)

Vulnerability from cvelistv5 – Published: 2008-08-01 14:00 – Updated: 2024-08-07 09:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://support.apple.com/kb/HT5030	x_refsource_CONFIRM
	http://www.infobyte.com.ar/down/Francisco%20Amato…	x_refsource_MISC
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.infobyte.com.ar/down/isr-evilgrade-1.0…	x_refsource_MISC
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:27.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5030"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
          },
          {
            "name": "APPLE-SA-2011-11-14-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:17136",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
          },
          {
            "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5030"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
        },
        {
          "name": "APPLE-SA-2011-11-14-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
        },
        {
          "name": "oval:org.mitre.oval:def:17136",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
        },
        {
          "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT5030",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5030"
            },
            {
              "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
              "refsource": "MISC",
              "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
            },
            {
              "name": "APPLE-SA-2011-11-14-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
            },
            {
              "name": "oval:org.mitre.oval:def:17136",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
            },
            {
              "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
              "refsource": "MISC",
              "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
            },
            {
              "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3434",
    "datePublished": "2008-08-01T14:00:00",
    "dateReserved": "2008-08-01T00:00:00",
    "dateUpdated": "2024-08-07T09:37:27.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3434\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-08-01T14:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"},{\"lang\":\"es\",\"value\":\"Apple iTunes anterior a versi\u00f3n 10.5.1, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar c\u00f3digo arbitrario por medio de una actualizaci\u00f3n de tipo caballo de troya, como es demostrado por el evilgrade y el envenenamiento de la cach\u00e9  de DNS.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.5\",\"matchCriteriaId\":\"54BA0A48-E321-436A-8398-DB64C29CDC8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8659A87-1197-4C3B-A076-90FE3A453205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E15C097-98DE-4217-8814-95B54CE418F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC4179C0-CA2C-42D7-AD72-A19668662A62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A8AD07-07A4-4384-BE4D-8DB0F2E902A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD3FBB2-EF88-42B5-8745-0DE5A3BB340C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA630BC5-DF1D-4602-A3AA-3319F3C5C9B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1EB1098-87E1-45DC-BD44-2B374BAA758C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD3B1C-1743-434B-B67F-A3C1B350059A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E27E1D8-0303-4F91-B1B0-38C64A8F04F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F995CF65-E3DD-4C54-B3F5-417C6F75D930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44964DEC-DC35-4DCE-B28D-687348758163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8F1A117-8508-4274-99EA-D58F54EBBA6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C910CA4-5EA5-4507-BDE9-3E6C1434B666\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4490461A-84C7-42C3-A61B-4E6EF5980B47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D365C93F-D06C-4FB0-8192-A4E84B6B2F3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B6A66A-AC5F-48E0-ABCE-68828207B106\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"071BFB1F-402B-4D8C-8155-671792AEDB81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBA60E9-C5B5-4B4C-9FA3-7FE0F3F6871C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB9D7E1-B715-4A93-9CDB-99A89C7D85B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07040FC1-6BFE-4E8F-A089-1166404BE33B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6573035-D208-4C4C-98A4-A7BA26C6AB15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B48FDD0A-6DE5-44DD-B144-32B91DB26C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B591AE1E-02DB-462A-B71F-48947525D232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD0C29E-FB9F-41DE-968F-46DD0EA55003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2276BED4-82F0-4F62-AA6F-7E1667F28E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D47548-1C4D-4368-99D1-929905DD6B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28AE8D2D-63CA-4091-9D59-CE919EB1FD75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC9E22D2-551A-4CDF-B9F0-C45A3A2B7695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52A433A5-3EFF-405D-8285-97EC88857968\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT5030\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200808-0363

Vulnerability from variot - Updated: 2025-04-10 23:05

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple From iTunes An update for has been released.Man-in-the-middle attacks (man-in-the-middle attack) Any software iTunes May appear to be an update. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer. iTunes is a free application for iPod and iPhone media file management. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2011-11-14-1 iTunes 10.5.1

iTunes 10.5.1 is now available and addresses the following:

iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attacker may offer software that appears to originate from Apple Description: iTunes periodically checks for software updates using an HTTP request to Apple. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth. CVE-ID CVE-2008-3434 : Francisco Amato of Infobyte Security Research

iTunes 10.5.1 may be obtained from: http://www.apple.com/itunes/download/

For Mac OS X: The download file is named: "iTunes10.5.1.dmg" Its SHA-1 digest is: 08f8ebe3f75d7b98a215750c08b7d6eff7c9ceb9

For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: bbe7ed41e62ef1eb345a12a68c1a81d351057952

For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: c3e70eb77ab400470ef9451803c0e411eed6a689

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJOwLKNAAoJEGnF2JsdZQeecIgH/3TTYRa3C8GPQMDZJgdD0Wgh sktAAH3DWj3HbEluuieTyLkoIzXLluVrJCaLOIt0G79gF0wkW7fB6eXU3i2MFtS2 QYy6dKzZHEKSWlez+pPDnvBLD7KWFg74rz0MBDhhgmpxqHOfJ6CU0xFuojoIYvtP 7WpLtqRpEc1R2dR/y4ACwZWfhpdatZ+mv7Gjq++Nem3/+1MU3M88eGGmX/95qGTv F6dwxf0c2jhL/5mRqC7A0ybn6VQm0oeTxEN8lgr+NQ+BQdXpH4wNzxmhtRP0AmZ6 A8sENF6QBXf4J3+fCX6NqwvAwhTNUav7ApC4TMvN6fcAHzoTECvUIdpOBSKUD3E= =7US+ -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0363",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.9"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "50672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Francisco Amato of Infobyte Security Research",
    "sources": [
      {
        "db": "BID",
        "id": "50672"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-3434",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2008-3434",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-33559",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3434",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3434",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-014",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33559",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple From iTunes An update for has been released.Man-in-the-middle attacks (man-in-the-middle attack) Any software iTunes May appear to be an update. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer. iTunes is a free application for iPod and iPhone media file management. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-14-1 iTunes 10.5.1\n\niTunes 10.5.1 is now available and addresses the following:\n\niTunes\nAvailable for:  Mac OS X v10.5 or later, Windows 7, Vista,\nXP SP2 or later\nImpact:  A man-in-the-middle attacker may offer software that appears\nto originate from Apple\nDescription:  iTunes periodically checks for software updates using\nan HTTP request to Apple. If Apple Software Update for Windows is\nnot installed, clicking the Download iTunes button may open the URL\nfrom the HTTP response in the user\u0027s default browser. This issue has\nbeen mitigated by using a secured connection when checking for\navailable updates. For OS X systems, the user\u0027s default browser is\nnot used because Apple Software Update is included with OS X,\nhowever this change adds additional defense-in-depth. \nCVE-ID\nCVE-2008-3434 : Francisco Amato of Infobyte Security Research\n\n\niTunes 10.5.1 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nFor Mac OS X:\nThe download file is named: \"iTunes10.5.1.dmg\"\nIts SHA-1 digest is: 08f8ebe3f75d7b98a215750c08b7d6eff7c9ceb9\n\nFor Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: bbe7ed41e62ef1eb345a12a68c1a81d351057952\n\nFor 64-bit Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunes64Setup.exe\"\nIts SHA-1 digest is: c3e70eb77ab400470ef9451803c0e411eed6a689\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQEcBAEBAgAGBQJOwLKNAAoJEGnF2JsdZQeecIgH/3TTYRa3C8GPQMDZJgdD0Wgh\nsktAAH3DWj3HbEluuieTyLkoIzXLluVrJCaLOIt0G79gF0wkW7fB6eXU3i2MFtS2\nQYy6dKzZHEKSWlez+pPDnvBLD7KWFg74rz0MBDhhgmpxqHOfJ6CU0xFuojoIYvtP\n7WpLtqRpEc1R2dR/y4ACwZWfhpdatZ+mv7Gjq++Nem3/+1MU3M88eGGmX/95qGTv\nF6dwxf0c2jhL/5mRqC7A0ybn6VQm0oeTxEN8lgr+NQ+BQdXpH4wNzxmhtRP0AmZ6\nA8sENF6QBXf4J3+fCX6NqwvAwhTNUav7ApC4TMvN6fcAHzoTECvUIdpOBSKUD3E=\n=7US+\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "BID",
        "id": "50672"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "db": "PACKETSTORM",
        "id": "107025"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-33559",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3434",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067",
        "trust": 0.8
      },
      {
        "db": "FULLDISC",
        "id": "20080728 TOOL RELEASE: [EVILGRADE] - USING DNS CACHE POISONING TO EXPLOIT POOR UPDATE IMPLEMENTATIONS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "50672",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "107025",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-33559",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "db": "BID",
        "id": "50672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "PACKETSTORM",
        "id": "107025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "id": "VAR-200808-0363",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:05:19.480000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT5030",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5030"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.infobyte.com.ar/down/francisco%20amato%20-%20evilgrade%20-%20eng.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011/nov/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5030"
      },
      {
        "trust": 1.1,
        "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17136"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3434"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu535830/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3434"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3434"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "db": "BID",
        "id": "50672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "PACKETSTORM",
        "id": "107025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "db": "BID",
        "id": "50672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "db": "PACKETSTORM",
        "id": "107025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "date": "2008-07-28T00:00:00",
        "db": "BID",
        "id": "50672"
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "date": "2011-11-16T04:35:27",
        "db": "PACKETSTORM",
        "id": "107025"
      },
      {
        "date": "2008-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "date": "2008-08-01T14:41:00",
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33559"
      },
      {
        "date": "2015-03-19T08:21:00",
        "db": "BID",
        "id": "50672"
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-3434"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iTunes Updates for vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003067"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-014"
      }
    ],
    "trust": 0.6
  }
}

GSD-2008-3434

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3434

Aliases

CVE-2008-3434

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3434",
    "description": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.",
    "id": "GSD-2008-3434"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3434"
      ],
      "details": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.",
      "id": "GSD-2008-3434",
      "modified": "2023-12-13T01:23:05.053810Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3434",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT5030",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5030"
          },
          {
            "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
            "refsource": "MISC",
            "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
          },
          {
            "name": "APPLE-SA-2011-11-14-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:17136",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
          },
          {
            "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
            "refsource": "MISC",
            "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
          },
          {
            "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3434"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
            },
            {
              "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
            },
            {
              "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
            },
            {
              "name": "http://support.apple.com/kb/HT5030",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5030"
            },
            {
              "name": "APPLE-SA-2011-11-14-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
            },
            {
              "name": "oval:org.mitre.oval:def:17136",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:31Z",
      "publishedDate": "2008-08-01T14:41Z"
    }
  }
}

GHSA-P52P-HQ77-4MJ2

Vulnerability from github – Published: 2022-05-02 00:00 – Updated: 2022-05-02 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-01T14:41:00Z",
    "severity": "HIGH"
  },
  "details": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.",
  "id": "GHSA-p52p-hq77-4mj2",
  "modified": "2022-05-02T00:00:06Z",
  "published": "2022-05-02T00:00:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3434"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5030"
    },
    {
      "type": "WEB",
      "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-646

Vulnerability from certfr_avis - Published: 2011-11-18 - Updated: 2011-11-18

Une vulnérabilité a été corrigée dans iTunes et permet à une personne malintentionnée de contourner la poitique de sécurité.

Description

Une vulnérabilité a été corrigée dans iTunes. Elle permet à une personne malintentionnée, ayant la possibilité de réaliser une attaque de type «homme au milieu» (man in the middle), de rediriger un utilisateur sur une page Web spécifique lors de la vérification des mises à jour par iTunes.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

iTunes versions inférieures à la version 10.5.1 pour Windows et Mac OS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2008-3434

Vulnerability from fkie_nvd - Published: 2008-08-01 14:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
	cve@mitre.org	http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html
	cve@mitre.org	http://support.apple.com/kb/HT5030
	cve@mitre.org	http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf
	cve@mitre.org	http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5030
	af854a3a-2127-422b-91ae-364da2661108	http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf
	af854a3a-2127-422b-91ae-364da2661108	http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136

Impacted products

Vendor	Product	Version
apple	itunes	*
apple	itunes	1.0
apple	itunes	1.1
apple	itunes	1.1.1
apple	itunes	1.1.2
apple	itunes	2.0
apple	itunes	2.0.1
apple	itunes	2.0.2
apple	itunes	2.0.3
apple	itunes	2.0.4
apple	itunes	3.0
apple	itunes	3.0.1
apple	itunes	4.0
apple	itunes	4.0.1
apple	itunes	4.1
apple	itunes	4.2
apple	itunes	4.5
apple	itunes	4.6
apple	itunes	4.7
apple	itunes	4.7.1
apple	itunes	4.8
apple	itunes	4.9
apple	itunes	5.0
apple	itunes	5.0.1
apple	itunes	6.0
apple	itunes	6.0.1
apple	itunes	6.0.2
apple	itunes	6.0.3
apple	itunes	6.0.4
apple	itunes	6.0.4.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54BA0A48-E321-436A-8398-DB64C29CDC8E",
              "versionEndIncluding": "6.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8659A87-1197-4C3B-A076-90FE3A453205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E15C097-98DE-4217-8814-95B54CE418F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4179C0-CA2C-42D7-AD72-A19668662A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A8AD07-07A4-4384-BE4D-8DB0F2E902A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD3FBB2-EF88-42B5-8745-0DE5A3BB340C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA630BC5-DF1D-4602-A3AA-3319F3C5C9B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB1098-87E1-45DC-BD44-2B374BAA758C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DD3B1C-1743-434B-B67F-A3C1B350059A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E27E1D8-0303-4F91-B1B0-38C64A8F04F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F995CF65-E3DD-4C54-B3F5-417C6F75D930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44964DEC-DC35-4DCE-B28D-687348758163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F1A117-8508-4274-99EA-D58F54EBBA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C910CA4-5EA5-4507-BDE9-3E6C1434B666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4490461A-84C7-42C3-A61B-4E6EF5980B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D365C93F-D06C-4FB0-8192-A4E84B6B2F3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B6A66A-AC5F-48E0-ABCE-68828207B106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "071BFB1F-402B-4D8C-8155-671792AEDB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBA60E9-C5B5-4B4C-9FA3-7FE0F3F6871C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB9D7E1-B715-4A93-9CDB-99A89C7D85B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "07040FC1-6BFE-4E8F-A089-1166404BE33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6573035-D208-4C4C-98A4-A7BA26C6AB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48FDD0A-6DE5-44DD-B144-32B91DB26C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B591AE1E-02DB-462A-B71F-48947525D232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD0C29E-FB9F-41DE-968F-46DD0EA55003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2276BED4-82F0-4F62-AA6F-7E1667F28E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D47548-1C4D-4368-99D1-929905DD6B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28AE8D2D-63CA-4091-9D59-CE919EB1FD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9E22D2-551A-4CDF-B9F0-C45A3A2B7695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52A433A5-3EFF-405D-8285-97EC88857968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
    },
    {
      "lang": "es",
      "value": "Apple iTunes anterior a versi\u00f3n 10.5.1, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar c\u00f3digo arbitrario por medio de una actualizaci\u00f3n de tipo caballo de troya, como es demostrado por el evilgrade y el envenenamiento de la cach\u00e9  de DNS."
    }
  ],
  "id": "CVE-2008-3434",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-01T14:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3434 (GCVE-0-2008-3434)

VAR-200808-0363

GSD-2008-3434

GHSA-P52P-HQ77-4MJ2

CERTA-2011-AVI-646

Description

Solution

FKIE_CVE-2008-3434

Tags

Sightings

Nomenclature