CVE-2009-2189:airport_express, airport_express_base_station_firmware, airport_extreme, airport_...: The ICMPv6 implementation on the Apple Time Capsule...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2009-2189

airport_express, airport_express_base_station_firmware, airport_extreme, airport_...: The ICMPv6 implementation on the Apple Time Capsule...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2189

Original

The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-22

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-22

Affected Product Tags

cpe:/h:apple:airport_express

cpe:/h:apple:airport_express_base_station_firmware:3.84

cpe:/h:apple:airport_express_base_station_firmware:4.0.9

cpe:/h:apple:airport_express_base_station_firmware:6.1

cpe:/h:apple:airport_express_base_station_firmware:6.3

cpe:/h:apple:airport_express_base_station_firmware:7.3.2

cpe:/h:apple:airport_express_base_station_firmware:7.4.1

cpe:/h:apple:airport_express_base_station_firmware:7.4.2 and previous versions

cpe:/h:apple:airport_extreme

cpe:/h:apple:airport_extreme_base_station_firmware:5.5

cpe:/h:apple:airport_extreme_base_station_firmware:5.7

cpe:/h:apple:time_capsule

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

APPLE APPLE-SA-2010-12-16-1

CONFIRM http://support.apple.com/kb/HT4298

Vulnerability Type Resource Management Errors (CWE-399)