Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2007 > Apple Security Advisory: APPLE-SA-2007-01-25 - AirPort Extreme

January 2007

Apple Security Advisory: APPLE-SA-2007-01-25 - AirPort Extreme

ID: 00050
Ref: 47/2007
Date: 26 January 2007:14:30:13
Version: 1
Title: Apple Security Advisory: APPLE-SA-2007-01-25 - AirPort Extreme
Abstract: An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue.
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple
Title
=====

Apple Security Advisory: APPLE-SA-2007-01-25 - AirPort Extreme

Detail
======

An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless.
Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-01-25 AirPort Extreme Update 2007-001

AirPort Extreme Update 2007-001 is now available. Along with other improvements (see release notes), it also addresses the following security issue:

AirPort
CVE-ID: CVE-2006-6292
Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Attackers on the wireless network may cause system crashes
Description: An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue.

AirPort Extreme Update 2007-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web
site: http://www.apple.com/support/downloads/

The download file is named: "AirPortExtremeUpdate2007001.dmg"
Its SHA-1 digest is: 3e2e2ee7d167008e709a454dad41c3547a5153ad

Information will also be posted to the Apple Security Updates web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBRblcRImzP5/bU5rtAQiDywgAicfblylXu93+o4n71K6RA/LFqNWv56Jm
Lu6S8PHVAoUvApXv2ulbELUZIYrPg80FpqvDgNds+II86v+qK++Lrg6tLyhVcJ3W
uCr1zXUARPwiBe6iRn5Ph7nCBJPErDStv5g3BxP1iovcA4clAkgYkdimlTEB4TJq
TsbjjqjUgSZztMuJ8ssIjybiMGrYPrlgrORI6HZSOM0v7VqD9JmY5Wme9gGabEvf
X3SgLs3ULqaqRWxOKxqJVpkHaTugZZroXlHfpdOz+FZlG5AZYG+W12JLUAQKSLa9
uIU1DOpQ8IN2oawjhJGScJXQvODF5bptB0uhM6KN/yE28fUfTyOmPQ==
=/kDW
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |