ESB-2017.3185 - [Appliance] Apple AirPort Base Station (with 802.11ac): Multiple vulnerabilities 2017-12-13

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3185
                AirPort Base Station Firmware Update 7.7.9
                             13 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple AirPort Base Station (with 802.11ac)
Publisher:         Apple
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Access Privileged Data          -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13080 CVE-2017-13078 CVE-2017-13077
                   CVE-2017-9417  

Original Bulletin: 
   https://support.apple.com/en-au/HT208354

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9

AirPort Base Station Firmware Update 7.7.9 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Firmware version 7.7.9 is installed on AirPort Extreme or
AirPort Time Capsule base stations with 802.11ac using
AirPort Utility for Mac or iOS.

AirPort Utility for Mac is a free download from
https://support.apple.com/downloads/ and AirPort Utility for iOS
is a free download from the App Store.
- -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlowGCIpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaeLxAA
kulHMKbWoRlguzlQWGhdS4hXLD02MvBz0Sc8NGCyp66N+THvc+uBnbfo283E+z01
eL7gqpMGgJ5cs7EVCCGtHMreg330d+9IiiSgbB2GZxddyc8pKymhYPstKtJazTWa
4NvnBCW2pzcmDieAyuhKRVxvqKRbTHsc0qfPPyKIB8KIh4L6KlcOWrdxbLK02qxi
5I7jEh5U41v3Z1ZXdmypqwM7M/Pur6IMmR4fHeA4fxH0BVq6uyiG88mOkfk3QHSJ
hHafQSQraPrmDbFvDB4hUZs/0rXPWcQ0FoQupMhcE2tgzc4/AL1BPYrkymEp9Y5J
bpKfOFCrRKSoqNs7vyq7BmWohwkXao427USAMNTwNsC8eANtVtYSVgINaw+vzt6d
xvNN6uul88v36Ta5EKHgAcV8uhcv83VH7NLzHJzdsHAychN+FsOVlXSgUNFM6S4a
n6/7HgZIGFPhSnkyywryax+9YrEkSaa9z1lFnhpMjwNLt1VGU6bUvpfLlNQS39L0
6YkY/qqlGdrI3OYBUae01oopK35rJi9S+kpTy/09eIb99s72aJHwrXr93UYJJlxg
pYFtiucmkQJCOa048OsK3MFBr65F5scDMdTQlePThnjc5XFVP5/H1zWEHtOvVMO2
6iDe0wzR8ykyW2/o4Jv0w4cgLCiEyjsjWh95F1uyDLo=
=ri7s
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWjC5Dox+lLeg9Ub1AQijoQ/9FRKnszsJVJgh4cx/TLCyki0qS7tzoVyD
2ph/rGWH8CRpN35hm+RxyU4WCOhMFMLkCliVAv/n2BVwCVZN1ji2FOxBipiuSPv5
nbazMwm2dPIe8Ap3M7bpmBFCOzAW5rN54XceP+6WBFwcywtKqgHKxGP4kTrCVpV1
Svzm1tomI5RujP2/e3SPwuxsVxRcZmC86itGmYaMAH0Un8oAqgdQClqZFuX3HH1y
K6X1xmi3m4dHl7o7kGCWL72MnHyJrRr6mol7C9RjoO/KidbrYOTOKaFns2n+V3Vj
fiNpxSSjbzJ5mcxtbdCXH4Wt3VrRqXgLkdMQt7AUlMSdMS3ak0aXjr/wfHH9zRfG
OF8eKMkVw0DL8b4zhSBQtdFmEykpHhuNyv7nL3YF+R3VjVVNKeP5c2f6FTOX+tQj
e//CBqkhec31yEPvfyPyjyqu8wyMoJzZUSVEd2GNJxiQJX2npJKYA/4Cot16v40r
vTlbj9t3EbipnyUMCze302TjVv6YJLOGStA/c/KouJ/Jh6AS12DMrWCs2FzGhNNw
NCjggIrn52B/l+HlxnCBEVmJ+4zcm8HMz45gh/KsL+1gUHi2ticEZA+INf7NsNam
IltYq1sd1JJRme7U4LEU2VHPuQHLX6l8uHhVtyyCc0dRZvVvYmS3ZMzPqZZW0GYd
BAowGTDQoNQ=
=Gt8o
-----END PGP SIGNATURE-----

« Back to bulletins