Apple AirPort Extreme Beacon Frame Processing Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017328 |
|
SecurityTracker URL: http://securitytracker.com/id/1017328
|
|
CVE Reference:
CVE-2006-6292
(Links to External Site)
|
Updated: Mar 8 2007
|
Original Entry Date: Dec 4 2006
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 10.4.8; Extreme firmware version 0.1.27
|
Description:
A vulnerability was reported in AirPort Extreme. A remote user on the wireless network can cause denial of service conditions.
The Apple AirPort Extreme driver does not properly process certain beacon frames. A remote user on the wireless network can send specially crafted beacon frames to trigger an out-of-bounds memory access on the target system, resulting in a kernel panic.
LMH discovered this vulnerability.
The vendor was notified on November 25, 2006.
The original advisory is available at:
http://projects.info-pull.com/mokb/MOKB-30-11-2006.html
|
Impact:
A remote user on the wireless network can cause the target system to crash.
|
Solution:
The vendor has issued a revised fix (AirPort Extreme Update 2007-002), available via Software Update preferences, or from Apple Downloads at:
http://www.apple.com/support/downloads/
The original fix (AirPort Extreme Update 2007-001) provides the same security protections as the revised fix. However, the revised fix includes an additional non-security fix for a compatibility issue with third-party access points that use WEP.
The Apple advisory is available at:
http://docs.info.apple.com/article.html?artnum=305031
|
Vendor URL: docs.info.apple.com/article.html?artnum=305031 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 4 Dec 2006 08:41:55 -0500
Subject: Apple Airport Extreme Beacon Frame Denial of Service
|
http://projects.info-pull.com/mokb/MOKB-30-11-2006.html
|
|
