Denial of Service : Apple iTunes Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800543

Categoría: Denial of Service

Título: Apple iTunes Multiple Vulnerabilities

Resumen: Apple iTunes is prone to multiple vulnerabilities.

Descripción: Summary:
Apple iTunes is prone to multiple vulnerabilities.

Vulnerability Insight:
The following issues exist:

- the origin of an authentication request is not properly informed to the user

- an error is generated while processing a Digital Audio Access Protocol (DAAP) message containing specially
crafted Content-Length parameter in the header of a DAAP message

Vulnerability Impact:
This issue may be exploited to gain the user's iTune credentials when
subscribing to a malicious podcast and to cause denial of service.

Affected Software/OS:
Apple iTunes version prior to 8.1.0.51 on Windows.

Solution:
Update to iTunes Version 8.1 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: BugTraq ID: 34094
Common Vulnerability Exposure (CVE) ID: CVE-2009-0143
http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.html
http://www.securityfocus.com/bid/34094
http://osvdb.org/52579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5336
http://securitytracker.com/id?1021843
http://secunia.com/advisories/34254
http://www.vupen.com/english/advisories/2009/0702
XForce ISS Database: itunes-podcast-information-disclosure(49201)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49201
Common Vulnerability Exposure (CVE) ID: CVE-2009-0016
Bugtraq: 20090313 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/501758/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0236.html
http://www.fortiguardcenter.com/advisory/FGA-2009-11.html
http://osvdb.org/52578
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6001
http://securitytracker.com/id?1021842
XForce ISS Database: itunes-daap-dos(49200)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49200

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800543
Categoría:	Denial of Service
Título:	Apple iTunes Multiple Vulnerabilities
Resumen:	Apple iTunes is prone to multiple vulnerabilities.
Descripción:	Summary: Apple iTunes is prone to multiple vulnerabilities. Vulnerability Insight: The following issues exist: - the origin of an authentication request is not properly informed to the user - an error is generated while processing a Digital Audio Access Protocol (DAAP) message containing specially crafted Content-Length parameter in the header of a DAAP message Vulnerability Impact: This issue may be exploited to gain the user's iTune credentials when subscribing to a malicious podcast and to cause denial of service. Affected Software/OS: Apple iTunes version prior to 8.1.0.51 on Windows. Solution: Update to iTunes Version 8.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	BugTraq ID: 34094 Common Vulnerability Exposure (CVE) ID: CVE-2009-0143 http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.html http://www.securityfocus.com/bid/34094 http://osvdb.org/52579 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5336 http://securitytracker.com/id?1021843 http://secunia.com/advisories/34254 http://www.vupen.com/english/advisories/2009/0702 XForce ISS Database: itunes-podcast-information-disclosure(49201) https://exchange.xforce.ibmcloud.com/vulnerabilities/49201 Common Vulnerability Exposure (CVE) ID: CVE-2009-0016 Bugtraq: 20090313 Apple iTunes DAAP Messages Handling Denial of Service Vulnerability (Google Search) http://www.securityfocus.com/archive/1/501758/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0236.html http://www.fortiguardcenter.com/advisory/FGA-2009-11.html http://osvdb.org/52578 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6001 http://securitytracker.com/id?1021842 XForce ISS Database: itunes-daap-dos(49200) https://exchange.xforce.ibmcloud.com/vulnerabilities/49200
Copyright	Copyright (C) 2009 Greenbone Networks GmbH