SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Device (Router/Bridge/Hub)  >   AirPort Vendors:   Apple Computer
Apple Time Capsule and AirPort Base Station Bugs Let Remote Users Deny Service or Access Ostensibly Protected Hosts
SecurityTracker Alert ID:  1024907
SecurityTracker URL:  http://securitytracker.com/id/1024907
CVE Reference:   CVE-2009-2189, CVE-2010-0039, CVE-2010-1804   (Links to External Site)
Date:  Dec 17 2010
Impact:   Denial of service via network, Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to firmware 7.5.2
Description:   Several vulnerabilities were reported in Apple Time Capsule and AirPort Base Station. A remote user can cause denial of service conditions. A remote user can access hosts behind the device.

A remote user on the local network can send a large number of IPv6 Router Advertisement (RA) and Neighbor Discovery (ND) packets to cause the target device to restart [CVE-2009-2189]. Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability.

If a system behind the NAT function on the device has a portmapped FTP server, a remote user on that system can query services behind the device [CVE-2010-0039]. Sabahattin Gucukoglu reported this vulnerability.

A remote user can send a specially crafted DHCP reply to cause the target device to stop responding to network traffic [CVE-2010-1804]. Systems configured as a bridge or configured in Network Address Translation (NAT) mode with a default host enabled are affected. Stefan R. Filipek reported this vulnerability.
Impact:   A remote user can cause the target device to restart or stop responding to network traffic.

A remote user behind the deivce can access other hosts behind the device in certain cases.
Solution:   Apple has issued a fix for Time Capsule and AirPort Base Station (7.5.2).

The Apple advisory is available at:

http://support.apple.com/kb/HT4298
Vendor URL:  support.apple.com/kb/HT4298 (Links to External Site)
Cause:   Access control error, Resource error, State error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Fri, 17 Dec 2010 04:05:32 +0000
Subject:  Time Capsule and AirPort Base Station


APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station
(802.11n) Firmware 7.5.2


CVE-ID:  CVE-2009-2189
Available for:  AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact:  Receiving a large number of IPv6 Router Advertisement (RA)
and Neighbor Discovery (ND) packets from a system on the local
network may cause the base station to restart
Description:  A resource consumption issue exists in the base
station's handling of Router Advertisement (RA) and Neighbor
Discovery (ND) packets. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue.

CVE-ID:  CVE-2010-0039
Available for:  AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact:  An attacker may be able to query services behind an AirPort
Base Station or Time Capsule's NAT from the source IP of the router,
if any system behind the NAT has a portmapped FTP server
Description:  The AirPort Extreme Base Station and Time Capsule's
Application-Level Gateway (ALG) rewrites incoming FTP traffic,
including PORT commands, to appear as if it is the source. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue.


CVE-ID:  CVE-2010-1804
Available for:  AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact:  A remote attacker may cause the device to stop processing
network traffic
Description:  An implementation issue exists in the network bridge.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC