ID

VAR-200512-0301


CVE

CVE-2005-3714


TITLE

Apple AirPort Remote Denial of Service Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2006-0024 // BID: 16146 // CNNVD: CNNVD-200512-761

DESCRIPTION

The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients.  A denial of service vulnerability exists in Apple AirPort. A malicious network attacker can send a specially crafted message, causing the network interface of the AirPort base station to stop responding. This occurs when the device handles malformed packets. Specific details regarding this issue are not currently known. This record will be updated when more information becomes available. AirPort Express firmware versions prior to 6.3 and AirPort Extreme firmware versions prior to 5.7 are vulnerable. The vulnerability is caused due to an unspecified error in the base station when handling certain network packets. SOLUTION: Apply updated firmware. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303072 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Credit to Michael Zanetta of NETwork Security Consortium for reporting this issue

Trust: 1.98

sources: NVD: CVE-2005-3714 // CNVD: CNVD-2006-0024 // BID: 16146 // VULHUB: VHN-14922 // PACKETSTORM: 42831 // PACKETSTORM: 42867

AFFECTED PRODUCTS

vendor:applemodel:airport extremescope:eqversion:5.5

Trust: 1.9

vendor:applemodel:airport expressscope:eqversion:6.1

Trust: 1.9

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:applemodel:airport extremescope:neversion:5.7

Trust: 0.3

vendor:applemodel:airport expressscope:neversion:6.3

Trust: 0.3

sources: CNVD: CNVD-2006-0024 // BID: 16146 // CNNVD: CNNVD-200512-761 // NVD: CVE-2005-3714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3714
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200512-761
value: MEDIUM

Trust: 0.6

VULHUB: VHN-14922
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-3714
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-14922
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-14922 // CNNVD: CNNVD-200512-761 // NVD: CVE-2005-3714

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.1

sources: VULHUB: VHN-14922 // NVD: CVE-2005-3714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-761

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200512-761

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-14922

EXTERNAL IDS

db:NVDid:CVE-2005-3714

Trust: 2.7

db:BIDid:16146

Trust: 2.0

db:SECUNIAid:18319

Trust: 1.8

db:SECTRACKid:1015443

Trust: 1.7

db:OSVDBid:22244

Trust: 1.7

db:VUPENid:ADV-2006-0064

Trust: 1.7

db:CNNVDid:CNNVD-200512-761

Trust: 0.7

db:CNVDid:CNVD-2006-0024

Trust: 0.6

db:NSFOCUSid:8379

Trust: 0.6

db:APPLEid:APPLE-SA-2006-01-05

Trust: 0.6

db:PACKETSTORMid:42867

Trust: 0.2

db:VULHUBid:VHN-14922

Trust: 0.1

db:PACKETSTORMid:42831

Trust: 0.1

sources: CNVD: CNVD-2006-0024 // VULHUB: VHN-14922 // BID: 16146 // PACKETSTORM: 42831 // PACKETSTORM: 42867 // CNNVD: CNNVD-200512-761 // NVD: CVE-2005-3714

REFERENCES

url:http://lists.apple.com/archives/security-announce/2006/jan/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/16146

Trust: 1.7

url:http://www.osvdb.org/22244

Trust: 1.7

url:http://securitytracker.com/id?1015443

Trust: 1.7

url:http://secunia.com/advisories/18319

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0064

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/0064

Trust: 0.6

url:http://www.nsfocus.net/vulndb/8379

Trust: 0.6

url:http://www.apple.com/airport/

Trust: 0.3

url:http://www.apple.com/support/airport/

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=303072

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/18319/

Trust: 0.1

url:http://www.apple.com/support/downloads/airportexpressfirmwareupdate63formacosx.html

Trust: 0.1

url:http://www.apple.com/support/downloads/airportexpressfirmwareupdate63forwindows.html

Trust: 0.1

url:http://www.apple.com/support/downloads/airportextremefirmwareupdate57forwindows.html

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/4504/

Trust: 0.1

url:http://secunia.com/product/4503/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.apple.com/support/downloads/airportextremefirmwareupdate57formacosx.html

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-3714

Trust: 0.1

url:http://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 0.1

sources: VULHUB: VHN-14922 // BID: 16146 // PACKETSTORM: 42831 // PACKETSTORM: 42867 // CNNVD: CNNVD-200512-761 // NVD: CVE-2005-3714

CREDITS

Discovered by Michael Zanetta.

Trust: 0.3

sources: BID: 16146

SOURCES

db:CNVDid:CNVD-2006-0024
db:VULHUBid:VHN-14922
db:BIDid:16146
db:PACKETSTORMid:42831
db:PACKETSTORMid:42867
db:CNNVDid:CNNVD-200512-761
db:NVDid:CVE-2005-3714

LAST UPDATE DATE

2024-11-23T22:57:26.564000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-0024date:2006-01-05T00:00:00
db:VULHUBid:VHN-14922date:2011-03-07T00:00:00
db:BIDid:16146date:2006-01-05T00:00:00
db:CNNVDid:CNNVD-200512-761date:2006-06-05T00:00:00
db:NVDid:CVE-2005-3714date:2024-11-21T00:02:30.300

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-0024date:2006-01-05T00:00:00
db:VULHUBid:VHN-14922date:2005-12-31T00:00:00
db:BIDid:16146date:2006-01-05T00:00:00
db:PACKETSTORMid:42831date:2006-01-06T17:58:29
db:PACKETSTORMid:42867date:2006-01-08T05:28:43
db:CNNVDid:CNNVD-200512-761date:2005-12-31T00:00:00
db:NVDid:CVE-2005-3714date:2005-12-31T05:00:00