Apple Time Capsule and AirPort Base Station Firmware < 7.5.2 (APPLE-SA-2010-12-16-1)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote network device is affected by multiple remote
vulnerabilities.

Description :

According to the firmware version collected via SNMP, the remote
Apple Time Capsule / AirPort Base Station / AirPort Extreme Base
Station is affected by multiple remote vulnerabilities.

- An integer overflow exists in the
  'netsnmp_create_subtree_cache' function that can be
  exploited using a specially crafted SNMPv3 packet to
  crash the SNMP server. (CVE-2008-4309)

- A remote attacker may be able to crash the racoon
  daemon by sending specially crafted fragmented ISAKMP
  packets, thereby triggering a null pointer dereference.
  (CVE-2009-1574)

- By sending a large number of Router Advertisement (RA)
  and Neighbor Discovery (ND) packets, an attacker on the
  local network can exhaust the base station's resources,
  causing it to restart unexpectedly. (CVE-2009-2189)

- An attacker with write access to an FTP server inside
  the NAT may be able to use a malicious PORT command to
  bypass IP-based restrictions for the service.
  (CVE-2010-0039)

- If the device has been configured to act as a bridge, or
  is configured in Network Address Translation (NAT) mode
  with a default host enabled (this is not the default
  configuration), an attacker may be able to cause the
  device to stop responding using a specially crafted
  DHCP reply. (CVE-2010-1804)

See also :

http://www.nessus.org/u?7875828e
http://lists.apple.com/archives/security-announce/2010/Dec/msg00001.html

Solution :

Upgrade the firmware to version 7.5.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 51342

Bugtraq ID: 32020, 34765, 45489, 45490, 45491

CVE ID: CVE-2008-4309, CVE-2009-2189, CVE-2010-0039, CVE-2009-1574, CVE-2010-1804