Sign-up

ID

VAR-201012-0005


CVE

CVE-2009-2189


TITLE

plural Apple Run on product ICMPv6 Service disruption in implementation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002659

DESCRIPTION

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets. Apple Time Capsule is a solution that allows Macs and PCs to back up data over a wireless network. AirPort Base Station is a wireless base station. When the base station processes the Router Advertisement (RA) and the Neighbor Discovery (ND) message, there is a resource exhaustion error. The system on the local network sends a large number of RA and ND messages, which may cause all resources of the base station to be consumed and automatically started. An attacker can exploit this issue to cause an affected device to restart, triggering a denial-of-service condition for legitimate users. NOTE: This issue was previously discussed in BID 45466 (Apple Time Capsule and AirPort Base Station Multiple Remote Vulnerabilities) but has been given its own record to better document it. Time Capsule is a backup tool developed by Apple, specially designed for Time Machine of Mac system. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. By default, the 'WAN SNMP' configuration option is disabled, and the SNMP service is accessible only to other devices on the local network. This issue is addressed by applying the Net-SNMP patches. This issue is addressed by rate limiting incoming ICMPv6 packets. Credit to Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this issue. An attacker with write access to an FTP server inside the NAT may issue a malicious PORT command, causing the ALG to send attacker-supplied data to an IP and port behind the NAT. As the data is resent from the Base Station, it could potentially bypass any IP-based restrictions for the service. This issue is addressed by not rewriting inbound PORT commands via the ALG. Credit to Sabahattin Gucukoglu for reporting this issue. This issue is addressed through improved validation of fragmented ISAKMP packets. Sending a maliciously crafted DHCP reply to the device may cause it to stop responding to network traffic. This issue affects devices that have been configured to act as a bridge, or are configured in Network Address Translation (NAT) mode with a default host enabled. By default, the device operates in NAT mode, and no default host is configured. This update addresses the issue through improved handling of DHCP packets on the network bridge. Credit to Stefan R. Filipek for reporting this issue. It is recommended that AirPort Utility 5.5.2 be installed before upgrading to Firmware version 7.5.2. AirPort Utility 5.5.2 may be obtained through Apple's Software Download site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD 3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY= =WPH8 -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2009-2189 // JVNDB: JVNDB-2010-002659 // CNVD: CNVD-2010-3271 // BID: 45490 // VULHUB: VHN-39635 // PACKETSTORM: 96766

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-3271

AFFECTED PRODUCTS

vendor:applemodel:airport express base stationscope:eqversion:7.4.1

Trust: 1.6

vendor:applemodel:airport express base stationscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:airport express base stationscope:eqversion:3.84

Trust: 1.6

vendor:applemodel:airport express base stationscope:eqversion:4.0.9

Trust: 1.6

vendor:applemodel:airport extreme base stationscope:eqversion:5.7

Trust: 1.6

vendor:applemodel:airport extreme base stationscope:eqversion:5.5

Trust: 1.6

vendor:applemodel:airport express base stationscope:eqversion:7.3.2

Trust: 1.6

vendor:applemodel:airport express base stationscope:eqversion:6.3

Trust: 1.6

vendor:applemodel:time capsulescope: - version: -

Trust: 1.4

vendor:applemodel:airport expressscope:eqversion:*

Trust: 1.0

vendor:applemodel:time capsulescope:eqversion:*

Trust: 1.0

vendor:applemodel:airport extremescope:eqversion:*

Trust: 1.0

vendor:applemodel:airport express base stationscope:lteversion:7.4.2

Trust: 1.0

vendor:applemodel:time capsulescope:eqversion:7.4.1

Trust: 0.9

vendor:applemodel:time capsulescope:eqversion:7.4.2

Trust: 0.9

vendor:applemodel:time capsulescope:eqversion:7.5

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:7.0

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:7.1

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:7.5

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:5.5

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:5.7

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:7.2.1

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:7.3.1

Trust: 0.9

vendor:applemodel:airport extremescope:eqversion:7.4.2

Trust: 0.9

vendor:applemodel:airport extreme base station with 802.11nscope:eqversion:7.4.1

Trust: 0.9

vendor:applemodel:airmac expressscope:eqversion:base station (802.11n)

Trust: 0.8

vendor:applemodel:airmac extremescope:eqversion:base station (802.11n)

Trust: 0.8

vendor:applemodel:airport extreme base stationscope: - version: -

Trust: 0.6

vendor:applemodel:airport extremescope: - version: -

Trust: 0.6

vendor:applemodel:airport express base stationscope:eqversion:7.4.2

Trust: 0.6

vendor:applemodel:time capsulescope:eqversion:0

Trust: 0.3

vendor:applemodel:airport extreme base stationscope:eqversion:0

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:5.4.1

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:5.4+

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:0

Trust: 0.3

vendor:applemodel:airport express base station with 802.11nscope:eqversion:7.4.1

Trust: 0.3

vendor:applemodel:airport expressscope:eqversion:0

Trust: 0.3

vendor:applemodel:time capsulescope:neversion:7.5.2

Trust: 0.3

vendor:applemodel:airport extreme base station with 802.11nscope:neversion:7.5.2

Trust: 0.3

vendor:applemodel:airport express base station with 802.11nscope:neversion:7.5.2

Trust: 0.3

sources: CNVD: CNVD-2010-3271 // BID: 45490 // JVNDB: JVNDB-2010-002659 // CNNVD: CNNVD-201012-269 // NVD: CVE-2009-2189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2189
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2189
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201012-269
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39635
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2189
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39635
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39635 // JVNDB: JVNDB-2010-002659 // CNNVD: CNNVD-201012-269 // NVD: CVE-2009-2189

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-39635 // JVNDB: JVNDB-2010-002659 // NVD: CVE-2009-2189

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201012-269

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201012-269

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002659

PATCH
title:HT4298url:http://support.apple.com/kb/HT4298
Trust: 0.8
title:HT4298url:http://support.apple.com/kb/HT4298?viewlocale=ja_JP
Trust: 0.8
title:Apple Time Capsule/AirPort Base Station has a patch for resource exhaustion error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/2144
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-3271 // 
            
            
            
            JVNDB: JVNDB-2010-002659

EXTERNAL IDS
db:NVDid:CVE-2009-2189
Trust: 3.5
db:SECTRACKid:1024907
Trust: 1.9
db:JVNDBid:JVNDB-2010-002659
Trust: 0.8
db:CNNVDid:CNNVD-201012-269
Trust: 0.7
db:CNVDid:CNVD-2010-3271
Trust: 0.6
db:APPLEid:APPLE-SA-2010-12-16-1
Trust: 0.6
db:BIDid:45490
Trust: 0.4
db:VULHUBid:VHN-39635
Trust: 0.1
db:PACKETSTORMid:96766
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-3271 // 
            
            
            
            VULHUB: VHN-39635 // 
            
            
            
            BID: 45490 // 
            
            
            
            JVNDB: JVNDB-2010-002659 // 
            
            
            
            PACKETSTORM: 96766 // 
            
            
            
            CNNVD: CNNVD-201012-269 // 
            
            
            
            NVD: CVE-2009-2189

REFERENCES
url:http://support.apple.com/kb/ht4298
Trust: 2.3
url:http://www.securitytracker.com/id?1024907
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2010//dec/msg00001.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2189
Trust: 0.8
url:http://jvn.jp/cert/jvnvu545319
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2189
Trust: 0.8
url:http://software.cisco.com/download/navigator.html?mdfid=283613663
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2008-4309
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-2189
Trust: 0.1
url:http://www.apple.com/support/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1804
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0039
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-1574
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-3271 // 
            
            
            
            VULHUB: VHN-39635 // 
            
            
            
            BID: 45490 // 
            
            
            
            JVNDB: JVNDB-2010-002659 // 
            
            
            
            PACKETSTORM: 96766 // 
            
            
            
            CNNVD: CNNVD-201012-269 // 
            
            
            
            NVD: CVE-2009-2189

CREDITS
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc.
Trust: 0.3
sources:
            
            
            BID: 45490

SOURCES
db:CNVDid:CNVD-2010-3271
db:VULHUBid:VHN-39635
db:BIDid:45490
db:JVNDBid:JVNDB-2010-002659
db:PACKETSTORMid:96766
db:CNNVDid:CNNVD-201012-269
db:NVDid:CVE-2009-2189

LAST UPDATE DATE
2025-04-11T21:57:40.149000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-3271date:2010-12-17T00:00:00
db:VULHUBid:VHN-39635date:2011-01-19T00:00:00
db:BIDid:45490date:2010-12-16T00:00:00
db:JVNDBid:JVNDB-2010-002659date:2011-01-20T00:00:00
db:CNNVDid:CNNVD-201012-269date:2010-12-23T00:00:00
db:NVDid:CVE-2009-2189date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-3271date:2010-12-17T00:00:00
db:VULHUBid:VHN-39635date:2010-12-22T00:00:00
db:BIDid:45490date:2010-12-16T00:00:00
db:JVNDBid:JVNDB-2010-002659date:2011-01-20T00:00:00
db:PACKETSTORMid:96766date:2010-12-17T07:46:59
db:CNNVDid:CNNVD-201012-269date:2010-12-23T00:00:00
db:NVDid:CVE-2009-2189date:2010-12-22T03:00:01.347