Apple Time Capsule and AirPort Base Station Firmware < 7.5.2 (APPLE-SA-2010-12-16-1)

high Nessus Plugin ID 51342

Synopsis

The remote network device is affected by multiple remote vulnerabilities.

Description

According to the firmware version collected via SNMP, the remote Apple Time Capsule / AirPort Base Station / AirPort Extreme Base Station is affected by multiple remote vulnerabilities.

- An integer overflow exists in the 'netsnmp_create_subtree_cache' function that can be exploited using a specially crafted SNMPv3 packet to crash the SNMP server. (CVE-2008-4309)
- A remote attacker may be able to crash the racoon daemon by sending specially crafted fragmented ISAKMP packets, thereby triggering a NULL pointer dereference. (CVE-2009-1574)
- By sending a large number of Router Advertisement (RA) and Neighbor Discovery (ND) packets, an attacker on the local network can exhaust the base station's resources, causing it to restart unexpectedly. (CVE-2009-2189)
- An attacker with write access to an FTP server inside the NAT may be able to use a malicious PORT command to bypass IP-based restrictions for the service. (CVE-2010-0039)
- If the device has been configured to act as a bridge or configured in Network Address Translation (NAT) mode with a default host enabled (not the default), an attacker may be able to cause the device to stop responding using a specially crafted DHCP reply. (CVE-2010-1804)

Solution

Upgrade the firmware to version 7.5.2 or later.

See Also

http://www.nessus.org/u?7875828e

https://lists.apple.com/archives/security-announce/2010/Dec/msg00001.html

Plugin Details

Severity: High

ID: 51342

File Name: airport_firmware_7_5_2.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 12/17/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/Airport/Firmware

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/16/2010

Vulnerability Publication Date: 12/16/2010

Reference Information

CVE: CVE-2008-4309, CVE-2009-1574, CVE-2009-2189, CVE-2010-0039, CVE-2010-1804

BID: 32020, 34765, 45489, 45490, 45491

CWE: 20