CVE-2007-3753 - Vulnerability Details - OpenCVE

Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Iphone Os

Configuration 1 [-]

OR	cpe:2.3:h:apple:iphone:1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=306586
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
http://osvdb.org/38538
http://secunia.com/advisories/26983
http://securitytracker.com/id?1018752
http://www.securityfocus.com/bid/25855
http://www.vupen.com/english/advisories/2007/3287
https://exchange.xforce.ibmcloud.com/vulnerabilities/36844

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-27T21:00:00

Updated: 2024-08-07T14:28:52.249Z

Reserved: 2007-07-12T00:00:00

Link: CVE-2007-3753

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-09-27T21:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3753

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2007-09-27", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"name": "iphone-bluetooth-server-code-execution(36844)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"}, {"name": "38538", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38538"}, {"name": "26983", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26983"}, {"name": "25855", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25855"}, {"name": "ADV-2007-3287", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"name": "1018752", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018752"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3753", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2007-09-27", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=306586", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"name": "iphone-bluetooth-server-code-execution(36844)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"}, {"name": "38538", "refsource": "OSVDB", "url": "http://osvdb.org/38538"}, {"name": "26983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26983"}, {"name": "25855", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25855"}, {"name": "ADV-2007-3287", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"name": "1018752", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018752"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:28:52.249Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2007-09-27", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"name": "iphone-bluetooth-server-code-execution(36844)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"}, {"name": "38538", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38538"}, {"name": "26983", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26983"}, {"name": "25855", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25855"}, {"name": "ADV-2007-3287", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"name": "1018752", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018752"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3753", "datePublished": "2007-09-27T21:00:00", "dateReserved": "2007-07-12T00:00:00", "dateUpdated": "2024-08-07T14:28:52.249Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation."}, {"lang": "es", "value": "Apple iPhone 1.1.1, con Bluetooth habilitado, permite a atacantes f\u00edsicamente pr\u00f3ximos provocar una denegaci\u00f3n de servicio (terminaci\u00f3n de la aplicaci\u00f3n) y ejecutar c\u00f3digo de su elecci\u00f3n mediante paquetes SDP (Service Discovery Protocol), relacionado con una validaci\u00f3n insuficiente de la entrada."}], "id": "CVE-2007-3753", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-27T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38538"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26983"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018752"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25855"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=306586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018752"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}