Apple Time Capsule and AirPort Base Station (802.11n) Firmware < 7.6 (APPLE-SA-2011-11-10-2)

high Nessus Plugin ID 56855

Synopsis

The remote network device is affected by an arbitrary code execution vulnerability.

Description

According to the firmware version collected via SNMP, the copy of dhclient-script included with the remote Apple Time Capsule / AirPort Express Base Station / AirPort Extreme Base Station reportedly fails to strip shell meta-characters in a hostname obtained from a DHCP response. A remote attacker might be able to leverage this vulnerability to execute arbitrary code on the affected device.

Solution

Upgrade the firmware to version 7.6 or later.

See Also

https://support.apple.com/en-us/HT202347

https://lists.apple.com/archives/security-announce/2011/Nov/msg00002.html

https://www.securityfocus.com/archive/1/520482/30/0/threaded

Plugin Details

Severity: High

ID: 56855

File Name: airport_firmware_7_6.nasl

Version: 1.10

Type: local

Family: Misc.

Published: 11/16/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/Airport/Firmware, SNMP/community

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/11/2011

Vulnerability Publication Date: 4/5/2011

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2011-0997

BID: 47176