Date: 06 January 2006
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0007 -- [Win][Mac][OSX]
AirPort firmware update
6 January 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: AirPort
Publisher: Apple
Operating System: Mac OS X
Windows
Impact: Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2005-3714
Original Bulletin: http://docs.info.apple.com/article.html?artnum=303072
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2006-01-05 AirPort firmware update
The following AirPort firmware updates are available:
AirPort Express Firmware Update 6.3 for Mac OS X
AirPort Express Firmware Update 6.3 for Windows
AirPort Extreme Firmware Update 5.7 for Mac OS X
AirPort Extreme Firmware Update 5.7 for Windows
They each provide a security enhancement for the following issue:
CVE-ID: CVE-2005-3714
Impact: AirPort network interface becomes unresponsive
Description: A malicious network attacker that can generate specially
crafted packets may be able to cause an AirPort base station's
network interface to stop responding normally, resulting in a
denial-of-service. This update addresses the issue by discarding
the malformed packets. Credit to Michael Zanetta of NETwork Security
Consortium for reporting this issue.
The AirPort updates may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
AirPort Express Firmware Update 6.3 for Mac OS X
The download file is named: "AirPortExpressFWUpdater.dmg"
Its SHA-1 digest is: 2d6a7c7b35e84fda44e52a7b994ed31a2f8e25d7
AirPort Express Firmware Update 6.3 for Windows
The download file is named: "AirPortExpressFWUpdater.exe"
Its SHA-1 digest is: d8ff8310ef19b5fc4f022091742578ca2cd664d6
AirPort Extreme Firmware Update 5.7 for Mac OS X
The download file is named: "AirPortExtremeFWUpdater.dmg"
Its SHA-1 digest is: 06f0e12b95f27b020e45f616317f8d9e97ca4f76
AirPort Extreme Firmware Update 5.7 for Windows
The download file is named: "AirPortExtremeFWUpdater.exe"
Its SHA-1 digest is: 05b39317a1388b85569e9be1333f85a0019edb39
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)
iQEVAwUBQ72Md4HaV5ucd/HdAQJYhQf9G0sVnQrLwepjS4js0ot5+JXSIYkBlGL9
1rGSJPzmf9azJ+mQVHwyd/+kiw41BeNu6rGDQH5DQKuWtUYDhSfanB09tRWKkJYf
9zABTZkctVU3uSXsdpRDkMnkxoU1z21SDMnsTtpoElEEskWTRcIwJGcByep6zkwu
tD1b3ngeOvIjcuRZmr+186ISffOVcJZNkHgbBONULSQAKfFX0Xc9USaPtIgEErCY
++cOysldQBjObEQazn7zwvBqwCcAQCfqCV6LL+Bb4wX3ZmFuNFhWEel9alsnNMPq
upD+P5k3pQ0+z+PcvySDGfcmBJYBWsi5GLJg5nAIKUWJt97OXLK8Mg==
=6PGu
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQ73Qfyh9+71yA2DNAQI+DgP7BGtwS+V2F6d34PKNqpDt4psPF3rzEm/U
CclxOO+rDOF6m2wm2Xq3NF7qtuhxZiqbcSkw30VkjDIgjegJrR4W8r9bc08jQ+y5
4tQBav/oU7mfTxq00yS+wDxWG+XCnQ4Qy/MUJj+Gw0VYZBdoKLFENg+kJkGHbrZi
be2CRoUJPd0=
=apAR
-----END PGP SIGNATURE-----
|