Category:   Device (Router/Bridge/Hub)  >   Apple AirPort
Vendors:   Apple
Apple Time Capsule and AirPort Base Station Bugs Let Remote Users Deny Service or Access Ostensibly Protected Hosts
SecurityTracker Alert ID:  1024907
SecurityTracker URL:
CVE Reference:   CVE-2009-2189, CVE-2010-0039, CVE-2010-1804
Date:  Dec 17 2010
Impact:   Denial of service via network, Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to firmware 7.5.2
Description:   Several vulnerabilities were reported in Apple Time Capsule and AirPort Base Station. A remote user can cause denial of service conditions. A remote user can access hosts behind the device.

A remote user on the local network can send a large number of IPv6 Router Advertisement (RA) and Neighbor Discovery (ND) packets to cause the target device to restart [CVE-2009-2189]. Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability.

If a system behind the NAT function on the device has a portmapped FTP server, a remote user on that system can query services behind the device [CVE-2010-0039]. Sabahattin Gucukoglu reported this vulnerability.

A remote user can send a specially crafted DHCP reply to cause the target device to stop responding to network traffic [CVE-2010-1804]. Systems configured as a bridge or configured in Network Address Translation (NAT) mode with a default host enabled are affected. Stefan R. Filipek reported this vulnerability.

Impact:   A remote user can cause the target device to restart or stop responding to network traffic.

A remote user behind the device can access other hosts behind the device in certain cases.

Solution:   Apple has issued a fix for Time Capsule and AirPort Base Station (7.5.2).

The Apple advisory is available at:

Vendor URL:
Cause:   Access control error, Resource error, State error

Message History:   None.
