SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Device (Router/Bridge/Hub)  >   AirPort Vendors:   Apple Computer
Apple AirPort Base Station Lets Remote Users Access Restricted Networks
SecurityTracker Alert ID:  1023801
SecurityTracker URL:  http://securitytracker.com/id/1023801
CVE Reference:   CVE-2009-2822   (Links to External Site)
Date:  Mar 31 2010
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): AirPort Utility prior to 5.5.1
Description:   A vulnerability was reported in AirPort Base Station. A remote user can connect to a restricted network.

When a network extender is used, a remote user can bypass the MAC address access control list and connect to a restricted network.

Guido Lamberty reported this vulnerability.

Impact:   A remote user can connect to a restricted network.
Solution:   The vendor has issued a fix (AirPort Base Station Update 2010-001), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The manual download is named AirPort Utility 5.5.1.

AirPort Utility for Mac OS X
The download file is named: AirPortUtility551.dmg
Its SHA-1 digest is: 542636fb7d538795cf18db6aa4453c4bcb570c19

AirPort Utility for Windows 7, Vista or XP
The download file is named: AirPortSetup.exe
Its SHA-1 digest is: a18af3cd329ab3adb31c794ede1a408b4f861968

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  www.apple.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 31 Mar 2010 13:42:11 -0700
Subject:  APPLE-SA-2010-03-31-1 AirPort Base Station Update 2010-001

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-03-31-1 AirPort Base Station Update 2010-001

AirPort Base Station Update 2010-001 is now available and
addresses the following:

AirPort Utility
CVE-ID:  CVE-2009-2822
Available for:  Mac OS X v10.5.7 or later, Windows 7, Vista, XP
Impact:  An unauthorized user may be able to connect to a restricted
network that uses a network extender
Description:  An AirPort administrator may restrict access to a
network by specifying a MAC address ACL. There is an issue where MAC
address ACLs are not properly propagated to network extenders. This
can allow an unauthorized user to access a network that should be
restricted via the MAC address ACL. This update addresses the issue
through improved distribution of settings to network extenders.
Credit to Guido Lamberty for reporting this issue.


AirPort Base Station Update 2010-001 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The manual download is named AirPort Utility 5.5.1.

AirPort Utility for Mac OS X
The download file is named: AirPortUtility551.dmg
Its SHA-1 digest is: 542636fb7d538795cf18db6aa4453c4bcb570c19

AirPort Utility for Windows 7, Vista or XP
The download file is named: AirPortSetup.exe
Its SHA-1 digest is: a18af3cd329ab3adb31c794ede1a408b4f861968

To check that AirPort Utility has been updated:

* Launch AirPort Utility
* Select "About AirPort Utility" in the "AirPort Utility" menu. The
version after applying this update will be "5.5.1" or later.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJLs3/5AAoJEHkodeiKZIkBAuQH/A6OXYFdQITlt/QaJ1T8xTLv
tz5qibzt0yaIZJKB0r45YuHgdwHIdIfzHzRR1lfHw48F8OCC0BXISCHYhBDlvyBa
MMiJOHh5iqhBI8+6qneiuEqGszCDC/tOpWOEAlsxL6221TFOv5knytFffeQLyMsI
EFjok8HItekvvMiQw8rn3Rt7U9F70/9lx6QWFQCxxnw8ezHkzAW5tohgflMQZjx6
FOM99d5fx+2TIB03tDlSv+PrXTuCEoJQqN+Siqi2yif0I3suE7bAeWn6Z8Qjyo7p
Plq8xNv89om3qUu2pw/HIpIqCMFktnOHAyiIFQvWt4OiHqFO41DnhXS4pQ6kBZE=
=HfTD
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC