(Apple Issues Fix for AirPort Extreme) BSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018625 |
|
SecurityTracker URL: http://securitytracker.com/id/1018625
|
|
CVE Reference:
CVE-2007-2242
(Links to External Site)
|
Updated: Sep 6 2007
|
Original Entry Date: Aug 29 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in IPv6, affecting OpenBSD and FreeBSD. A remote user can cause denial of service conditions. Apple AirPort Extreme systems are affected.
A remote user can use IPv6 Type 0 route headers to conduct denial of service attacks against hosts and networks.
[Editor's note: The vendor indicates that this a design flaw in IPv6 and not a flaw in OpenBSD.]
|
Impact:
A remote user can cause denial of service conditions.
|
Solution:
Apple has issued a fixed firmware version (7.2.1) for AirPort Extreme 802.11n base stations, which are affected by this vulnerability.
The Apple advisory is available at:
http://docs.info.apple.com/article.html?artnum=306375
|
Cause:
Resource error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 29 Aug 2007 13:29:58 -0700
Subject: APPLE-SA-2007-08-29 AirPort Extreme Base Station Firmware version
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-08-29 Firmware version 7.2.1 for
AirPort Extreme 802.11n* base stations
Firmware version 7.2.1 is now available for AirPort Extreme 802.11n*
base stations. (* Based on an IEEE 802.11n draft specification)
Further information on the base station is available via:
http://www.apple.com/airportextreme/
Firmware version 7.2.1 fixes the following security issue:
AirPort Extreme Base Station with 802.11n*
CVE-ID: CVE-2007-2242
Available for: AirPort Extreme Base Station with 802.11n*
Impact: Remote attackers may be able to adversely affect network
performance
Description: A design issue exists in the IPv6 protocol's handling
of type 0 routing headers. Depending on network topology and
capacity, the reception of specially crafted IPv6 packets may lead to
a reduction in network bandwidth. This update addresses the issue by
disabling the support for type 0 routing headers. This issue does not
affect the Gigabit Ethernet version of AirPort Extreme Base Station
with 802.11n*.
Installation note for Firmware version 7.2.1
Firmware version 7.2.1 is installed into an AirPort Extreme Base
Station with 802.11n* by running the AirPort Utility which is
provided with the Base Station.
Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
iQEVAwUBRtXM7MgAoqu4Rp5tAQgZ1gf/aPB1d1u6oL9X90fXS3Y9Uwv+/EdaPFNg
9Sd3mv1L2g7/UjXHLF7T6mjGmx303h3nYRX5LvZpU8tfB4t59X67IPjOfp/xkF77
sPgMv2s1eYeLXnKgNd+pCukVcVyeucHqDIo0qDcUukmkVouXFyYMOpD9DhqdgYre
I4ePirMHt+FBHZ5Vz+DZBZtIYTtD5XJY3G14XEYWSMHCNZypTpYxnuweoYP43mt5
MpesCELJE9zotgKKhsTEqaguipFP4z/gqtiRgnxbAeRT3mjc/RnsT4n2u1EBLqBN
3dHwv8mKFbrMIbiPqCDQeZU21bAtdRQNpswc+u+WkDetsS+W0b1Mlg==
=UChZ
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
|
|
