Apple Time Capsule and AirPort Base Station Firmware < 7.5.2 (APPLE-SA-2010-12-16-1)

Severity: High, Nessus Plugin ID 51342

Synopsis

The remote network device is affected by multiple remote vulnerabilities.

Description

According to the firmware version collected via SNMP, the remote Apple Time Capsule / AirPort Base Station / AirPort Extreme Base Station is affected by multiple remote vulnerabilities.

- An integer overflow exists in the 'netsnmp_create_subtree_cache' function that can be exploited using a specially crafted SNMPv3 packet to crash the SNMP server. (CVE-2008-4309)
- A remote attacker may be able to crash the racoon daemon by sending specially crafted fragmented ISAKMP packets, thereby triggering a NULL pointer dereference. (CVE-2009-1574)
- By sending a large number of Router Advertisement (RA) and Neighbor Discovery (ND) packets, an attacker on the local network can exhaust the base station's resources, causing it to restart unexpectedly. (CVE-2009-2189)
- An attacker with write access to an FTP server inside the NAT may be able to use a malicious PORT command to bypass IP-based restrictions for the service. (CVE-2010-0039)
- If the device has been configured to act as a bridge or configured in Network Address Translation (NAT) mode with a default host enabled (not the default), an attacker may be able to cause the device to stop responding using a specially crafted DHCP reply. (CVE-2010-1804)

Solution

Upgrade the firmware to version 7.5.2 or later.

See Also

http://www.nessus.org/u?7875828e

https://lists.apple.com/archives/security-announce/2010/Dec/msg00001.html

Plugin Details

Severity: High

ID: 51342

File Name: airport_firmware_7_5_2.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 12/17/2010

Updated: 11/15/2018

Dependencies: snmp_airport_version.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/Airport/Firmware

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/16/2010

Vulnerability Publication Date: 12/16/2010

Reference Information

CVE: CVE-2008-4309, CVE-2009-2189, CVE-2010-0039, CVE-2009-1574, CVE-2010-1804

BID: 32020, 34765, 45489, 45490, 45491

CWE: 20