CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:N/I:N/A:C
EPSS
Percentile
87.2%
A vulnerability exists in the Apple AirPort Extreme wireless driver that may allow an attacker to crash a vulnerable system.
The Apple AirPort Extreme adapter is an 802.11g compatible wireless adapter used in Apple OS X laptops and desktops.
A flaw exists in the way AirPort Extreme wireless drivers handle certain malformed 802.11 frames which may result in an out-of-bounds memory access. This flaw results in a vulnerability that could allow an attacker to cause a kernel panic on a vulnerable system.
To exploit this vulnerability an attacker would need to send a specially crafted 802.11 frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) may not mitigate this vulnerability.
Per Apple Security Advisory 2007-01-25, the Core Duo version of Mac mini, MacBook, and MacBook Pro computers are affected by this vulnerability.
A remote unauthenticated attacker within 802.11 radio range may be able to create a denial-of-service condition by crashing a vulnerable system.
Upgrade
Apple has issued an upgrade to address this issue. See or Apple Security Advisory 2007-01-25 or AirPort Extreme Update 2007-001 for more details.
Disable the Affected Wireless Adapter
Until updates can be applied, turning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in Apple’s knowledgebase:
Turning AirPort off
Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital.
1.\tOpen the Internet Connect application and click AirPort in the toolbar.
2.\tClick Turn AirPort Off.
If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.
583552
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 29, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://lists.apple.com/archives/security-announce/2007/Jan/msg00001.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23583552 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was made public by LMH on the Month of Kernel Bugs website.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-6292 |
---|---|
Severity Metric: | 0.37 Date Public: |
docs.info.apple.com/article.html?artnum=106227
docs.info.apple.com/article.html?artnum=305031
en.wikipedia.org/wiki/AirPort#Airport_Extreme_Card
lists.apple.com/archives/security-announce/2007/Jan/msg00001.html
projects.info-pull.com/mokb/MOKB-30-11-2006.html
secunia.com/advisories/23159/
standards.ieee.org/getieee802/download/802.11g-2003.pdf
www.apple.com/support/downloads/airportextremeupdate2007001.html