Security holes in Apple Time Capsule, AirPort Base Station

Apple has released a firmware update with fixes for three documented security vulnerabilities affecting its Time Capsule and AirPort Base Station products.

The vulnerabilities could lead to denial-of-service or information disclosure attacks via specially crafted packets. Details on the vulnerabilities:

  • CVE-2008-2476 - The IPv6 Neighbor Discovery Protocol implementation does not validate the origin of Neighbor Discovery messages. By sending a maliciously crafted message, a remote user may cause a denial of service, observe private network traffic, or inject forged packets. This update addresses the issue by performing additional validation of Neighbor Discovery messages.
  • CVE-2008-0473 - An out-of-bounds memory access issue exists in the handling of PPPoE discovery packets. By sending a maliciously crafted PPPoE discovery packet, a remote user may be able to cause an
    unexpected device shutdown. This update addresses the issue through improved bounds checking.
  • CVE-2008-3530 - When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 “Packet Too Big” messages
    may cause an unexpected device shutdown. This update addresses the issue through improved handling of ICMPv6 messages.

Apple says the update (firmware version 7.4.1) is installed into Time Capsule or AirPort Base Station with 802.11n* via AirPort Utility provided with the device.

[Source: zdnet]

0 comments