SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#583552

Apple Airport Extreme fails to properly process 802.11 frames

Overview

A vulnerability exists in the Apple AirPort Extreme wireless driver that may allow an attacker to crash a vulnerable system.

I. Description

The Apple AirPort Extreme adapter is an 802.11g compatible wireless adapter used in Apple OS X laptops and desktops.

A flaw exists in the way AirPort Extreme wireless drivers handle certain malformed 802.11 frames which may result in an out-of-bounds memory access. This flaw results in a vulnerability that could allow an attacker to cause a kernel panic on a vulnerable system.

To exploit this vulnerability an attacker would need to send a specially crafted 802.11 frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) may not mitigate this vulnerability.

Per Apple Security Advisory 2007-01-25, the Core Duo version of Mac mini, MacBook, and MacBook Pro computers are affected by this vulnerability.

II. Impact

A remote unauthenticated attacker within 802.11 radio range may be able to create a denial-of-service condition by crashing a vulnerable system.

III. Solution

Upgrade

Apple has issued an upgrade to address this issue. See or Apple Security Advisory 2007-01-25 or AirPort Extreme Update 2007-001 for more details.

Disable the Affected Wireless Adapter
Until updates can be applied, turning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in Apple's knowledgebase:

    Turning AirPort off

    Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital.
    1. Open the Internet Connect application and click AirPort in the toolbar.
    2. Click Turn AirPort Off.

    If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.


Systems Affected
VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Vulnerable29-Jan-2007

References


http://lists.apple.com/archives/security-announce/2007/Jan/msg00001.html
http://www.apple.com/support/downloads/airportextremeupdate2007001.html
http://en.wikipedia.org/wiki/AirPort#Airport_Extreme_Card
http://projects.info-pull.com/mokb/MOKB-30-11-2006.html
http://docs.info.apple.com/article.html?artnum=305031
http://docs.info.apple.com/article.html?artnum=106227
http://standards.ieee.org/getieee802/download/802.11g-2003.pdf
http://secunia.com/advisories/23159/

Credit

This issue was made public by LMH on the Month of Kernel Bugs website.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-11-30
Date First Published:2007-02-02
Date Last Updated:2007-02-02
CERT Advisory: 
CVE-ID(s):CVE-2006-6292
NVD-ID(s):CVE-2006-6292
US-CERT Technical Alerts: 
Metric:0.37
Document Revision:13

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader