Apple Time Capsule and AirPort Base Station (802.11n) Firmware < 7.6 (APPLE-SA-2011-11-10-2)

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote network device is affected by an arbitrary code execution
vulnerability.

Description :

According to the firmware version collected via SNMP, the copy of
dhclient-script included with the remote Apple Time Capsule / AirPort
Express Base Station / AirPort Extreme Base Station reportedly fails
to strip shell meta-characters in a hostname obtained from a DHCP
response. A remote attacker might be able to leverage this
vulnerability to execute arbitrary code on the affected device.

See also :

http://support.apple.com/kb/HT5005
http://lists.apple.com/archives/security-announce/2011/Nov/msg00002.html
http://www.securityfocus.com/archive/1/520482/30/0/threaded

Solution :

Upgrade the firmware to version 7.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 56855

Bugtraq ID: 47176

CVE ID: CVE-2011-0997