-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is now available and addresses the following: CVE-ID: CVE-2008-4309 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may terminate the operation of the SNMP service Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. By default, the 'WAN SNMP' configuration option is disabled, and the SNMP service is accessible only to other devices on the local network. This issue is addressed by applying the Net-SNMP patches. CVE-ID: CVE-2009-2189 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: Receiving a large number of IPv6 Router Advertisement (RA) and Neighbor Discovery (ND) packets from a system on the local network may cause the base station to restart Description: A resource consumption issue exists in the base station's handling of Router Advertisement (RA) and Neighbor Discovery (ND) packets. A system on the local network may send a large number of RA and ND packets that could exhaust the base station's resources, causing it to restart unexpectedly. This issue is addressed by rate limiting incoming ICMPv6 packets. Credit to Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this issue. CVE-ID: CVE-2010-0039 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: An attacker may be able to query services behind an AirPort Base Station or Time Capsule's NAT from the source IP of the router, if any system behind the NAT has a portmapped FTP server Description: The AirPort Extreme Base Station and Time Capsule's Application-Level Gateway (ALG) rewrites incoming FTP traffic, including PORT commands, to appear as if it is the source. An attacker with write access to an FTP server inside the NAT may issue a malicious PORT command, causing the ALG to send attacker-supplied data to an IP and port behind the NAT. As the data is resent from the Base Station, it could potentially bypass any IP-based restrictions for the service. This issue is addressed by not rewriting inbound PORT commands via the ALG. Credit to Sabahattin Gucukoglu for reporting this issue. CVE-ID: CVE-2009-1574 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference in racoon's handling of fragmented ISAKMP packets may allow a remote attacker to cause an unexpected termination of the racoon daemon. This issue is addressed through improved validation of fragmented ISAKMP packets. CVE-ID: CVE-2010-1804 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may cause the device to stop processing network traffic Description: An implementation issue exists in the network bridge. Sending a maliciously crafted DHCP reply to the device may cause it to stop responding to network traffic. This issue affects devices that have been configured to act as a bridge, or are configured in Network Address Translation (NAT) mode with a default host enabled. By default, the device operates in NAT mode, and no default host is configured. This update addresses the issue through improved handling of DHCP packets on the network bridge. Credit to Stefan R. Filipek for reporting this issue. Installation note for Firmware version 7.5.2 Firmware version 7.5.2 is installed into Time Capsule or AirPort Base Station with 802.11n via AirPort Utility, provided with the device. It is recommended that AirPort Utility 5.5.2 be installed before upgrading to Firmware version 7.5.2. AirPort Utility 5.5.2 may be obtained through Apple's Software Download site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD 3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY= =WPH8 -----END PGP SIGNATURE-----