===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2006.0688 -- [OSX] AirPort Update 2006-001 and Security Update 2006-005
22 September 2006
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           AirPort Wireless Driver
Publisher:         Apple
Operating System:  Mac OS X Server 10.3.9
                   Mac OS X Server 10.4.7
                   Mac OS X 10.3.9
                   Mac OS X 10.4.7
Impact:            Root Compromise
                   Execute Arbitrary Code/Commands
                   Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2006-3509 CVE-2006-3508 CVE-2006-3507

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005

The security fixes described below are available in AirPort Update
2006-001 and Security Update 2006-005. AirPort Update 2006-001
contains an additional non-security fix to address a reliability issue
that occurs on a limited number of MacBook Pro systems.

AirPort
CVE-ID: CVE-2006-3507
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause arbitrary code
execution
Description: Two separate stack buffer overflows exist in the AirPort
wireless driver's handling of malformed frames. An attacker in local
proximity may be able to trigger an overflow by injecting a
maliciously-crafted frame into a wireless network. When the AirPort
card is on, this could lead to arbitrary code execution with system
privileges. This issue affects Power Mac, PowerBook, iMac, Mac Pro,
Xserve, and PowerPC-based Mac mini computers equipped with wireless.
Intel-based Mac mini, MacBook, and MacBook Pro computers are not
affected. There is no known exploit for this issue.
This update addresses the issues by performing additional validation
of wireless frames.

AirPort
CVE-ID: CVE-2006-3508
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause system crashes,
privilege elevation, or arbitrary code execution
Description: A heap buffer overflow exists in the AirPort wireless
driver's handling of scan cache updates. An attacker in local
proximity may be able to trigger the overflow by injecting a
maliciously-crafted frame into the wireless network. This could lead
to a system crash, privilege elevation, or arbitrary code execution
with system privileges. This issue affects Intel-based Mac mini,
MacBook, and MacBook Pro computers equipped with wireless. Power Mac,
PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers
are not affected. This update addresses the issue by performing
additional validation of wireless frames. There is no known exploit
for this issue. This issue does not affect systems prior to
Mac OS X v10.4.

AirPort
CVE-ID: CVE-2006-3509
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Depending upon third-party wireless software in use,
attackers on the wireless network may cause crashes or arbitrary code
execution
Description: An integer overflow exists in the AirPort wireless
driver's API for third-party wireless software. This could lead to a
buffer overflow in such applications dependent upon API usage. No
applications are known to be affected at this time. If an application
is affected, then an attacker in local proximity may be able to
trigger an overflow by injecting a maliciously-crafted frame into the
wireless network. This may cause crashes or lead to arbitrary code
execution with the privileges of the user running the application.
This issue affects Intel-based Mac mini, MacBook, and MacBook Pro
computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro,
Xserve, and PowerPC-based Mac mini computers are not affected.
This update addresses the issues by performing additional validation
of wireless frames. There is no known exploit for this issue. This
issue does not affect systems prior to Mac OS X v10.4.

AirPort Update 2006-001 and Security Update 2006-005 may be obtained
from the Software Update pane in System Preferences, or Apple's
Software Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to
your system configuration. Only one is needed, either AirPort Update
2006-001 or Security Update 2006-005.

For Mac OS X v10.4.7 Build 8J2135 or 8J2135a
The download file is named: "AirPortUpdate2006001.dmg"
Its SHA-1 digest is: 94855a341c05344dab4f965c595c7149352d2617

For Mac OS X v10.4.7 Build 8J135
For Mac OS X Server v10.4.7 Build 8J135
The download file is named: "SecUpd2006-005Ti.dmg"
Its SHA-1 digest is: 32877c48193aa070c6e379bdec580b8d4a5c3ccc

For Mac OS X v10.4.7 Build 8K1079, 8K1106, 8K1123, or 8K1124
For Mac OS X Server v10.4.7 Build 8K1079
The download file is named: "SecUpd2006-005Univ.dmg"
Its SHA-1 digest is: fc1de2d328f41b74fa43cdc72af579618a05cc43

For Mac OS X v10.3.9 or Mac OS X Server v10.3.9
The download file is named: "SecUpd2006-005Pan.dmg"
Its SHA-1 digest is: e382c31989061772a7fae7bdab55efdebfdc8e1b

For Mac OS X v10.3.9 and Mac OS X Server v10.3.9 systems, if the
Software Update utility does not present Security Update 2006-005,
the following two updates need to be installed:

AirPort 4.2
http://www.apple.com/support/downloads/airport42formacosx1033.html

AirPort Extreme Driver Update 2005-001
http://www.apple.com/support/downloads/airportextremedriverupdate2005001.html

Information will also be posted to the Apple Security Updates
web site: http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================