SecurityTracker.com

Category:  OS (UNIX)  >  AirPort
Vendors:  Apple Computer
Apple AirPort Probe Response Frame Memory Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017151
SecurityTracker URL:  http://securitytracker.com/id?1017151
CVE Reference:  CVE-2006-5710
Updated:  Nov 29 2006
Original Entry Date:  Nov 2 2006
Impact:  Execution of arbitrary code via network, Root access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): OS X 10.4.8 and prior versions
Description:  A vulnerability was reported in AirPort. A remote user can execute arbitrary code on the target system.

A remote user on the wireless network can send a specially crafted probe response frame to a driver that is in active scanning mode to trigger a memory corruption error and execute arbitrary code on the target system.

The Apple AirPort driver provided with Orinoco-based AirPort cards is affected.

Apple indicates that the affected AirPort cards are first generation AirPort cards that last shipped in October 2003. Cards that are currently shipping are not affected. AirPort Extreme enabled Macs are not affected.

H D Moore reported this vulnerability.

The original advisory is available at:

http://projects.info-pull.com/mokb/MOKB-01-11-2006.html

Impact:  A remote user can execute arbitrary code on the target system.
Solution:  The vendor has issued a fix as part of Security Update 2006-007, available via the Software Update pane in System Preferences or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.3.9
The download file is named: "SecUpd2006-007Pan.dmg"
Its SHA-1 digest is: b4c9190964cf4f9f674ab7f8cbd2c1cbe196cb2d

For Mac OS X v10.4.8 (PowerPC)
The download file is named: "SecUpd2006-007Ti.dmg"
Its SHA-1 digest is: 994b13d0c36b18f3d30e2c0849b023393d714ef6

For Mac OS X v10.4.8 (Intel)
The download file is named: "SecUpd2006-007Intel.dmg"
Its SHA-1 digest is: a90bf763dc381f61839d6f55cdf3d5dd710d327f

For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2006-007Pan.dmg"
Its SHA-1 digest is: 4bd756bfa7b1fe927d34fc7a377a4b010008b866

For Mac OS X Server v10.4.8 (PowerPC)
The download file is named: "SecUpdSrvr2006-007Ti.dmg"
Its SHA-1 digest is: 0fa7e1041dd5a61393996a09081190d3343d7f34

For Mac OS X Server v10.4.8 (Universal)
The download file is named: "SecUpdSrvr2006-007Universal.dmg"
Its SHA-1 digest is: b9987a0fa591ccfd467b1ebec85367b140b8d789

Vendor URL:  www.apple.com/
Cause:  Boundary error
Underlying OS:  UNIX (Mac OS X)

Message History:   None.


 Source Message Contents

Date:  Thu, 2 Nov 2006 02:02:00 -0500
Subject:  Apple Airport 802.11 Probe Response Kernel Memory Corruption

 
 
http://projects.info-pull.com/mokb/MOKB-01-11-2006.html
 


Copyright 2006, SecurityGlobal.net LLC