CVE-2005-3714
CVSS 5.0
Published: 2005-12-31 00:00:00
Revised: 2011-03-07 00:00:00

[Original] The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.


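[CNNVD] Apple AirPort Remote Denial of Service Vulnerability (CNNVD-200512-761)

        Apple AirPort devices are wireless access points that provide 802.11 service to network clients.
        A denial-of-service vulnerability exists in Apple AirPort. A malicious network attacker can send specially crafted packets that cause the network interface of the AirPort base station to stop responding.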

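- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]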

- CWE (weakness category)

CWE-399 [Resource Management Errors]

- CPE (affected platforms and products)

cpe:/h:apple:airport_express:6.1  Apple AirPort Express 6.1
cpe:/h:apple:airport_extreme:5.5  Apple AirPort Extreme 5.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3714
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3714
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-761
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/16146
(PATCH)  BID  16146
http://www.osvdb.org/22244
(PATCH)  OSVDB  22244
http://securitytracker.com/id?1015443
(PATCH)  SECTRACK  1015443
http://secunia.com/advisories/18319
(VENDOR_ADVISORY)  SECUNIA  18319
http://lists.apple.com/archives/security-announce/2006/Jan/msg00000.html
(PATCH)  APPLE  APPLE-SA-2006-01-05
http://www.vupen.com/english/advisories/2006/0064
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0064

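- Vulnerability information

Apple AirPort Remote Denial of Service Vulnerability
Medium risk  Other
2005-12-31 00:00:00 2006-06-05 00:00:00
Remote
        Apple AirPort devices are wireless access points that provide 802.11 service to network clients.
        A denial-of-service vulnerability exists in Apple AirPort. A malicious network attacker can send specially crafted packets that cause the network interface of the AirPort base station to stop responding.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=09301&cat=1&platform=osx&method=sa/AirPortExtremeFWUpdater.dmg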

- Vulnerability information (F42867)

Apple Security Advisory 2006-01-05 (PacketStormID:F42867)
2006-01-08 00:00:00
Apple  apple.com
advisory
CVE-2005-3714

A malicious network attacker that can generate specially crafted packets may be able to cause an AirPort base station's network interface to stop responding normally, resulting in a denial-of-service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2006-01-05 AirPort firmware update

The following AirPort firmware updates are available:

AirPort Express Firmware Update 6.3 for Mac OS X
AirPort Express Firmware Update 6.3 for Windows
AirPort Extreme Firmware Update 5.7 for Mac OS X
AirPort Extreme Firmware Update 5.7 for Windows

They each provide a security enhancement for the following issue:

CVE-ID: CVE-2005-3714

Impact: AirPort network interface becomes unresponsive

Description: A malicious network attacker that can generate specially
crafted packets may be able to cause an AirPort base station's
network interface to stop responding normally, resulting in a
denial-of-service. This update addresses the issue by discarding
the malformed packets. Credit to Michael Zanetta of NETwork Security
Consortium for reporting this issue.

The AirPort updates may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

AirPort Express Firmware Update 6.3 for Mac OS X
The download file is named:  "AirPortExpressFWUpdater.dmg"
Its SHA-1 digest is:  2d6a7c7b35e84fda44e52a7b994ed31a2f8e25d7

AirPort Express Firmware Update 6.3 for Windows
The download file is named:  "AirPortExpressFWUpdater.exe"
Its SHA-1 digest is:  d8ff8310ef19b5fc4f022091742578ca2cd664d6

AirPort Extreme Firmware Update 5.7 for Mac OS X
The download file is named:  "AirPortExtremeFWUpdater.dmg"
Its SHA-1 digest is:  06f0e12b95f27b020e45f616317f8d9e97ca4f76

AirPort Extreme Firmware Update 5.7 for Windows
The download file is named:  "AirPortExtremeFWUpdater.exe"
Its SHA-1 digest is:  05b39317a1388b85569e9be1333f85a0019edb39

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


    

- Vulnerability information

22244
Apple AirPort Extreme Base Station Crafted Packet Network Interface DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Unknown

- Vulnerability description

Apple AirPort Extreme Base Stations contain a flaw that may allow a remote denial of service. The issue is triggered when a crafted packet is received on the network interface, and will result in loss of availability for users of the wireless network.

- Timeline

2006-01-05 Unknown
Unknown Unknown

- Solution

Upgrade to version 5.7 or 6.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Apple AirPort Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 16146
Yes No
2006-01-05 12:00:00 2006-01-05 12:00:00
Discovered by Michael Zanetta.

- Affected software versions

Apple AirPort Extreme Firmware 5.5
Apple AirPort Express Firmware 6.1
Apple AirPort Extreme Firmware 5.7
Apple AirPort Express Firmware 6.3

- Unaffected software versions

Apple AirPort Extreme Firmware 5.7
Apple AirPort Express Firmware 6.3

- Discussion

Apple AirPort firmware is prone to a denial of service condition. This occurs when the device handles malformed packets.

Specific details regarding this issue are not currently known. This record will be updated when more information becomes available.

AirPort Express firmware versions prior to 6.3 and AirPort Extreme firmware versions prior to 5.7 are vulnerable.

- Exploit

An exploit is not required.

- Solution

Apple has released advisory APPLE-SA-2006-01-05 and fixes to address this issue:


Apple AirPort Extreme Firmware 5.5

Apple AirPort Express Firmware 6.1

- Related references

 

 
