SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple AirPort Vendors:   Apple
Apple AirPort Probe Response Frame Memory Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017151
SecurityTracker URL:  http://securitytracker.com/id/1017151
CVE Reference:   CVE-2006-5710   (Links to External Site)
Updated:  Nov 29 2006
Original Entry Date:  Nov 2 2006
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): OS X 10.4.8 and prior versions
Description:   A vulnerability was reported in AirPort. A remote user can execute arbitrary code on the target system.

A remote user on the wireless network can send a specially crafted probe response frame to a driver that is in active scanning mode to trigger a memory corruption error and execute arbitrary code on the target system.

The Apple Airport driver provided with Orinoco-based Airport cards is affected.

Apple indicates that the affected AirPort cards are first generation AirPort cards that last shipped in October 2003. Cards that are currently shipping are not affected. AirPort Extreme enabled Macs are not affected.

H D Moore reported this vulnerability.

The original advisory is available at:

http://projects.info-pull.com/mokb/MOKB-01-11-2006.html

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix as part of Security Update 2006-007, available via the Software Update pane in System Preferences or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.3.9
The download file is named: "SecUpd2006-007Pan.dmg"
Its SHA-1 digest is: b4c9190964cf4f9f674ab7f8cbd2c1cbe196cb2d

For Mac OS X v10.4.8 (PowerPC)
The download file is named: "SecUpd2006-007Ti.dmg"
Its SHA-1 digest is: 994b13d0c36b18f3d30e2c0849b023393d714ef6

For Mac OS X v10.4.8 (Intel)
The download file is named: "SecUpd2006-007Intel.dmg"
Its SHA-1 digest is: a90bf763dc381f61839d6f55cdf3d5dd710d327f

For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2006-007Pan.dmg"
Its SHA-1 digest is: 4bd756bfa7b1fe927d34fc7a377a4b010008b866

For Mac OS X Server v10.4.8 (PowerPC)
The download file is named: "SecUpdSrvr2006-007Ti.dmg"
Its SHA-1 digest is: 0fa7e1041dd5a61393996a09081190d3343d7f34

For Mac OS X Server v10.4.8 (Universal)
The download file is named: "SecUpdSrvr2006-007Universal.dmg"
Its SHA-1 digest is: b9987a0fa591ccfd467b1ebec85367b140b8d789

Vendor URL:  www.apple.com/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC