Apple AirPort wireless drivers vulnerable to integer overflow
2006-09-22T00:00:00
ID VU:563492 Type cert Reporter CERT Modified 2006-11-01T00:00:00
Description
Overview
An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition.
Description
According to Apple,
An integer overflow exists in the AirPort wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage.
Note that the attacker needs to have 802.11 wireless connectivity to the vulnerable system to exploit this vulnerability. If successfully exploited, an attacker may be able to execute arbitrary code with user-level privileges.
It is important to note that because the vulnerability exists at a lower network layer than TCP/IP, software firewalls, anti-virus software, and host-based IDS or IPS systems may not protect against this vulnerability.
For information on affected versions of OS X refer to Apple Security Update 2006-005.
Impact
An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running an application using the affected API or cause that application to crash.
Solution
Apply updates from Apple
Apple has released updates to address this issue. See Apple Security Update 2006-005 for more details.
Disable the Affected Wireless Adapter
Turning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in Apple's Knowledgebase:
Turning AirPort off
Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital. 1. Open the Internet Connect application and click AirPort in the toolbar. 2. Click Turn AirPort Off.
If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.
Systems Affected
Vendor| Status| Date Notified| Date Updated
---|---|---|---
Apple Computer, Inc.| | -| 22 Sep 2006
If you are a vendor and your product is affected, let us know.
{"id": "VU:563492", "bulletinFamily": "info", "title": "Apple AirPort wireless drivers vulnerable to integer overflow", "description": "### Overview\n\nAn integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition.\n\n### Description\n\nAccording to Apple, \n\n_An integer overflow exists in the AirPort wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage._ \nNote that the attacker needs to have 802.11 wireless connectivity to the vulnerable system to exploit this vulnerability. If successfully exploited, an attacker may be able to execute arbitrary code with user-level privileges. \n \nIt is important to note that because the vulnerability exists at a lower network layer than TCP/IP, software firewalls, anti-virus software, and host-based IDS or IPS systems may not protect against this vulnerability. \n \nFor information on affected versions of OS X refer to Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>). \n \n--- \n \n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running an application using the affected API or cause that application to crash. \n \n--- \n \n### Solution\n\n**Apply updates from Apple** \nApple has released updates to address this issue. See Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>) for more details. \n \n--- \n \n \n**Disable the Affected Wireless Adapter** \n \nTurning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in [Apple's Knowledgebase](<http://docs.info.apple.com/article.html?artnum=166645>)[](<ftp://download.intel.com/support/wireless/wlan/sb/3945abgug.pdf>): \n \n`Turning AirPort off`\n\n`Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital. ` \n`1. Open the Internet Connect application and click AirPort in the toolbar. ` \n`2. Click Turn AirPort Off.`\n\n`If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.` \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 22 Sep 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23563492 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html>\n * <http://docs.info.apple.com/article.html?artnum=304420>\n\n### Credit\n\nThis vulnerability was reported in Apple Security Update 2006-005 .\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n * CVE IDs: [CVE-2006-3509](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509>)\n * Date Public: 21 Sep 2006\n * Date First Published: 22 Sep 2006\n * Date Last Updated: 01 Nov 2006\n * Severity Metric: 21.94\n * Document Revision: 44\n\n", "published": "2006-09-22T00:00:00", "modified": "2006-11-01T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/563492", "reporter": "CERT", "references": ["http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html", "http://docs.info.apple.com/article.html?artnum=166645", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509"], "cvelist": ["CVE-2006-3509", "CVE-2006-3509"], "type": "cert", "lastseen": "2018-08-31T02:38:26", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2006-3509", "CVE-2006-3509"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "### Overview\n\nAn integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition.\n\n### Description\n\nAccording to Apple, \n\n_An integer overflow exists in the AirPort wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage._\n\nNote that the attacker needs to have 802.11 wireless connectivity to the vulnerable system to exploit this vulnerability. If successfully exploited, an attacker may be able to execute arbitrary code with user-level privileges. \n \nIt is important to note that because the vulnerability exists at a lower network layer than TCP/IP, software firewalls, anti-virus software, and host-based IDS or IPS systems may not protect against this vulnerability. \n \nFor information on affected versions of OS X refer to Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>). \n \n--- \n \n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running an application using the affected API or cause that application to crash. \n \n--- \n \n### Solution\n\n**Apply updates from Apple** \nApple has released updates to address this issue. See Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>) for more details. \n \n--- \n \n \n**Disable the Affected Wireless Adapter** \n \nTurning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in [Apple's Knowledgebase](<http://docs.info.apple.com/article.html?artnum=166645>)[](<ftp://download.intel.com/support/wireless/wlan/sb/3945abgug.pdf>): \n \n`Turning AirPort off`\n\n`Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital. ` \n`1. Open the Internet Connect application and click AirPort in the toolbar. ` \n`2. Click Turn AirPort Off.`\n\n`If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.` \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 22 Sep 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23563492 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html>\n * <http://docs.info.apple.com/article.html?artnum=304420>\n\n### Credit\n\nThis vulnerability was reported in Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>).\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n * CVE IDs: [CVE-2006-3509](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509>)\n * Date Public: 21 Sep 2006\n * Date First Published: 22 Sep 2006\n * Date Last Updated: 01 Nov 2006\n * Severity Metric: 21.94\n * Document Revision: 44\n\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "074b873ba22d132fce138b6656a30e668e74552b14dca8cf099f4e28000281d1", "hashmap": [{"hash": "4ea46072a2dd2d68c47b46e53cb410b1", "key": "description"}, {"hash": "6d0ef7c0b3a69e4495a518fe697fcafc", "key": "published"}, {"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "ea3a4c616de0392442e6270c5b2ef7bb", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "95d5ebb2bfbdd9bf6f0f7ada3d00fa00", "key": "cvelist"}, {"hash": "055eae359fd369eee8a57b0ad8dec6b3", "key": "references"}, {"hash": "0b7c22e7dbc334618a09b5b7d08cebd9", "key": "modified"}, {"hash": "13863909528ec5b98e919d6af9ef5e96", "key": "title"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/563492", "id": "VU:563492", "lastseen": "2016-02-03T09:12:53", "modified": "2006-11-01T00:00:00", "objectVersion": "1.2", "published": "2006-09-22T00:00:00", "references": ["http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html", "http://docs.info.apple.com/article.html?artnum=166645", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509"], "reporter": "CERT", "title": "Apple AirPort wireless drivers vulnerable to integer overflow", "type": "cert", "viewCount": 0}, "differentElements": ["references", "description"], "edition": 1, "lastseen": "2016-02-03T09:12:53"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2006-3509", "CVE-2006-3509"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "### Overview\n\nAn integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition.\n\n### Description\n\nAccording to Apple, \n\n_An integer overflow exists in the AirPort wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage._ \nNote that the attacker needs to have 802.11 wireless connectivity to the vulnerable system to exploit this vulnerability. If successfully exploited, an attacker may be able to execute arbitrary code with user-level privileges. \n \nIt is important to note that because the vulnerability exists at a lower network layer than TCP/IP, software firewalls, anti-virus software, and host-based IDS or IPS systems may not protect against this vulnerability. \n \nFor information on affected versions of OS X refer to Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>). \n \n--- \n \n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running an application using the affected API or cause that application to crash. \n \n--- \n \n### Solution\n\n**Apply updates from Apple** \nApple has released updates to address this issue. See Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>) for more details. \n \n--- \n \n \n**Disable the Affected Wireless Adapter** \n \nTurning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in [Apple's Knowledgebase](<http://docs.info.apple.com/article.html?artnum=166645>)[](<ftp://download.intel.com/support/wireless/wlan/sb/3945abgug.pdf>): \n \n`Turning AirPort off`\n\n`Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital. ` \n`1. Open the Internet Connect application and click AirPort in the toolbar. ` \n`2. Click Turn AirPort Off.`\n\n`If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.` \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 22 Sep 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23563492 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html>\n * <http://docs.info.apple.com/article.html?artnum=304420>\n\n### Credit\n\nThis vulnerability was reported in Apple Security Update 2006-005 .\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n * CVE IDs: [CVE-2006-3509](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509>)\n * Date Public: 21 Sep 2006\n * Date First Published: 22 Sep 2006\n * Date Last Updated: 01 Nov 2006\n * Severity Metric: 21.94\n * Document Revision: 44\n\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "06380faee13a1ca9d6386f1f520b29eed6007148d57f1502597d263ae8ef378a", "hashmap": [{"hash": "6d0ef7c0b3a69e4495a518fe697fcafc", "key": "published"}, {"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "ea3a4c616de0392442e6270c5b2ef7bb", "key": "href"}, {"hash": "e82e54cb61432e35a03e22b26dddc50b", "key": "description"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "95d5ebb2bfbdd9bf6f0f7ada3d00fa00", "key": "cvelist"}, {"hash": "d83992f4cbcc50318e5815c128acb52c", "key": "references"}, {"hash": "0b7c22e7dbc334618a09b5b7d08cebd9", "key": "modified"}, {"hash": "13863909528ec5b98e919d6af9ef5e96", "key": "title"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/563492", "id": "VU:563492", "lastseen": "2018-08-02T21:55:16", "modified": "2006-11-01T00:00:00", "objectVersion": "1.3", "published": "2006-09-22T00:00:00", "references": ["http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html", "http://docs.info.apple.com/article.html?artnum=166645", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509"], "reporter": "CERT", "title": "Apple AirPort wireless drivers vulnerable to integer overflow", "type": "cert", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-02T21:55:16"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2006-3509", "CVE-2006-3509"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "### Overview\n\nAn integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition.\n\n### Description\n\nAccording to Apple, \n\n_An integer overflow exists in the AirPort wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage._ \nNote that the attacker needs to have 802.11 wireless connectivity to the vulnerable system to exploit this vulnerability. If successfully exploited, an attacker may be able to execute arbitrary code with user-level privileges. \n \nIt is important to note that because the vulnerability exists at a lower network layer than TCP/IP, software firewalls, anti-virus software, and host-based IDS or IPS systems may not protect against this vulnerability. \n \nFor information on affected versions of OS X refer to Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>). \n \n--- \n \n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running an application using the affected API or cause that application to crash. \n \n--- \n \n### Solution\n\n**Apply updates from Apple** \nApple has released updates to address this issue. See Apple Security Update [2006-005](<http://docs.info.apple.com/article.html?artnum=304420>) for more details. \n \n--- \n \n \n**Disable the Affected Wireless Adapter** \n \nTurning off the wireless adapter can mitigate this vulnerability. To turn off the wireless card, follow the instructions found in [Apple's Knowledgebase](<http://docs.info.apple.com/article.html?artnum=166645>)[](<ftp://download.intel.com/support/wireless/wlan/sb/3945abgug.pdf>): \n \n`Turning AirPort off`\n\n`Turn your AirPort Card off when you're in situations where radio communication may be prohibited, such as in an airplane or at a hospital. ` \n`1. Open the Internet Connect application and click AirPort in the toolbar. ` \n`2. Click Turn AirPort Off.`\n\n`If you have disabled the AirPort port in Network preferences, then your AirPort Card is already turned off. To disable the AirPort port, choose Network Port Configurations from the Show pop-up menu and deselect the AirPort checkbox.` \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 22 Sep 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23563492 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html>\n * <http://docs.info.apple.com/article.html?artnum=304420>\n\n### Credit\n\nThis vulnerability was reported in Apple Security Update 2006-005 .\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n * CVE IDs: [CVE-2006-3509](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509>)\n * Date Public: 21 Sep 2006\n * Date First Published: 22 Sep 2006\n * Date Last Updated: 01 Nov 2006\n * Severity Metric: 21.94\n * Document Revision: 44\n\n", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b74e7f305a7149773d9cce8d03e027a284ea446444dea3df194d5cc7f80a4733", "hashmap": [{"hash": "6d0ef7c0b3a69e4495a518fe697fcafc", "key": "published"}, {"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "ea3a4c616de0392442e6270c5b2ef7bb", "key": "href"}, {"hash": "e82e54cb61432e35a03e22b26dddc50b", "key": "description"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "95d5ebb2bfbdd9bf6f0f7ada3d00fa00", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d83992f4cbcc50318e5815c128acb52c", "key": "references"}, {"hash": "0b7c22e7dbc334618a09b5b7d08cebd9", "key": "modified"}, {"hash": "13863909528ec5b98e919d6af9ef5e96", "key": "title"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/563492", "id": "VU:563492", "lastseen": "2018-08-30T20:36:25", "modified": "2006-11-01T00:00:00", "objectVersion": "1.3", "published": "2006-09-22T00:00:00", "references": ["http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://docs.info.apple.com/article.html?artnum=304420", "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html", "http://docs.info.apple.com/article.html?artnum=166645", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509"], "reporter": "CERT", "title": "Apple AirPort wireless drivers vulnerable to integer overflow", "type": "cert", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T20:36:25"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "95d5ebb2bfbdd9bf6f0f7ada3d00fa00"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "e82e54cb61432e35a03e22b26dddc50b"}, {"key": "href", "hash": "ea3a4c616de0392442e6270c5b2ef7bb"}, {"key": "modified", "hash": "0b7c22e7dbc334618a09b5b7d08cebd9"}, {"key": "published", "hash": "6d0ef7c0b3a69e4495a518fe697fcafc"}, {"key": "references", "hash": "d83992f4cbcc50318e5815c128acb52c"}, {"key": "reporter", "hash": "5d2cfab83ed6e86a4812690790dc7ad5"}, {"key": "title", "hash": "13863909528ec5b98e919d6af9ef5e96"}, {"key": "type", "hash": "b6ba9fa6ea18201bf39ea635ecca9f13"}], "hash": "06380faee13a1ca9d6386f1f520b29eed6007148d57f1502597d263ae8ef378a", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3"}
{"cve": [{"lastseen": "2016-09-03T07:13:39", "references": ["http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html", "http://securitytracker.com/id?1016903", "http://www.kb.cert.org/vuls/id/563492", "http://www.securityfocus.com/bid/20144", "http://www.vupen.com/english/advisories/2006/3737"], "description": "Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.", "edition": 1, "reporter": "NVD", "published": "2006-09-21T17:07:00", "title": "CVE-2006-3509", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T07:13:39", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-3509"], "scanner": [], "cpe": ["cpe:/o:apple:mac_os_x:10.4.7", "cpe:/o:apple:mac_os_x_server:10.4.7"], "modified": "2011-03-07T21:38:46", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3509", "id": "CVE-2006-3509", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=304420)\n[Secunia Advisory ID:22068](https://secuniaresearch.flexerasoftware.com/advisories/22068/)\n[Related OSVDB ID: 29061](https://vulners.com/osvdb/OSVDB:29061)\n[Related OSVDB ID: 29062](https://vulners.com/osvdb/OSVDB:29062)\n[CVE-2006-3509](https://vulners.com/cve/CVE-2006-3509)\n", "reporter": "OSVDB", "published": "2006-09-19T07:49:11", "type": "osvdb", "title": "Apple Airport Wireless Driver API Crafted Frame Overflow", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-3509"], "modified": "2006-09-19T07:49:11", "href": "https://vulners.com/osvdb/OSVDB:29063", "id": "OSVDB:29063", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "references": [], "description": "About the security content of AirPort Update 2006-001 and Security Update 2006-005\r\n\r\nThis document describes Security Update 2006-005 and the security content of AirPort Update 2006-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nAirPort Update 2006-001 and Security Update 2006-005\r\n\r\n *\r\n\r\n AirPort\r\n\r\n CVE-ID: CVE-2006-3507\r\n\r\n Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7\r\n\r\n Impact: Attackers on the wireless network may cause arbitrary code execution\r\n\r\n Description: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.\r\n\r\n *\r\n\r\n AirPort\r\n\r\n CVE-ID: CVE-2006-3508\r\n\r\n Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7\r\n\r\n Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.\r\n\r\n *\r\n\r\n AirPort\r\n\r\n CVE-ID: CVE-2006-3509\r\n\r\n Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7\r\n\r\n Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution\r\n\r\n Description: An integer overflow exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.\r\n\r\nInstallation note\r\n\r\nThe Software Update utility will present the update that applies to your system configuration. Only one is needed, either AirPort Update 2006-001 or Security Update 2006-005.\r\n\r\nFor reference if installing from a manually-downloaded package:\r\n\r\nAirPort Update 2006-001 will install on the following systems:\r\n\r\n * Mac OS X v10.4.7 Builds 8J2135 or 8J2135a\r\n\r\nSecurity Update 2006-005 will install on the following systems:\r\n\r\n * Mac OS X v10.3.9\r\n * Mac OS X Server v10.3.9\r\n * Mac OS X v10.4.7 Builds 8J135, 8K1079, 8K1106, 8K1123, or 8K1124\r\n * Mac OS X Server v10.4.7 Builds 8J135 or 8K1079\r\n\r\nFor Mac OS X 10.3.9 and Mac OS X Server 10.3.9 systems, if Software Update does not display Security Update 2006-005, the following updates need to be installed:\r\n\r\n * AirPort 4.2\r\n * AirPort Extreme Driver Update 2005-001\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2006-09-22T00:00:00", "title": "About the security content of AirPort Update 2006-001 and Security Update 2006-005", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:19", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-3508", "CVE-2006-3509", "CVE-2006-3507"], "modified": "2006-09-22T00:00:00", "id": "SECURITYVULNS:DOC:14390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14390", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-02T00:02:28", "references": [], "pluginID": "22418", "description": "The remote host is missing a security update regarding the drivers of the AirPort wireless card.\n\nAn attacker in the proximity of the target host may exploit this flaw by sending malformed 802.11 frames to the remote host and cause a stack overflow resulting in a crash of arbitrary code execution.", "edition": 6, "reporter": "Tenable", "published": "2006-09-21T00:00:00", "title": "AirPort Update 2006-001 / Security Update 2006-005", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3508", "CVE-2006-3509", "CVE-2006-3507"], "modified": "2018-07-14T00:00:00", "cpe": [], "id": "MACOSX_AIRPORT_2006-001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22418", "sourceData": "#TRUSTED 6d425222beca4d06a7ecdf79e35276c43729c5e1188262494d6d39de0a41de2f5b4af1f0fd10839269f8872cbd3dd3815f39d767f8c9631a81a3b34c0d981bc0f6174a5d52aa4caed3da0af6e807c645e7f669fd0f35a0ef2633d15c617fd335e456a9aa8fe7dd85c0a0a3dd4d1735df4f7fac7698b96128d72a7f8e37c71a62ac0f9a6cac914a70e3c311af082562fb9602d9a7223323fb599727aeda8ebc8610b6183cbd7256109cdd18c74fe3b3e9ab05b017656ab52a1de90d17469d3c26995809490d904d51fca330959f66ca1b888759075884207f9d135f2e34374af763c58ee04f04e364055896b48baca82eb23db9407e7444ade186cf0fa4b4cda878f17b57df6ead0b228014226f472a8b071484072fcfc7173fd73271b4d14b67933cbba34f1b45b03b6f1957e6696bead9612ff46394c3d87acc0512541b45f9a079ff46b80903c8870ba3c12af18b3adf377a832f1b0cffa5ac61099553a71a3d52f8f5219bf142377cedbf40a6a76b89827b1f711668ea8fd5f3bf291ae944b6a500f3c6c20a938cc9b694d9f9df6277a202aa58cd1d1dac4c9783ca38900590ac370ed4349c48bd58bb06b330d135c9c56600ac44724edaa7a5bac0221796802bba326e63d599badabb6d7488d613776edd3a285bd68c4b875176de2086aa0b7607818eb92a02b3802c0603c8812e8ee27168e7c7115d04910405ae7d5a4a\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22418);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value: \"2018/07/14\");\n\n script_cve_id(\"CVE-2006-3507\", \"CVE-2006-3508\", \"CVE-2006-3509\");\n script_bugtraq_id(20144);\n\n script_name(english:\"AirPort Update 2006-001 / Security Update 2006-005\");\n script_summary(english:\"Checks for the version of the Airport drivers\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through the AirPort\nWireless card.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing a security update regarding the drivers of\nthe AirPort wireless card.\n\nAn attacker in the proximity of the target host may exploit this flaw\nby sending malformed 802.11 frames to the remote host and cause a\nstack overflow resulting in a crash of arbitrary code execution.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apple has released a patch for this issue :\n\nhttp://docs.info.apple.com/article.html?artnum=304420\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction vulnerable()\n{\n security_hole( port : 0 );\n if ( ! islocalhost() ) ssh_close_connection();\n exit(0);\n}\n\nfunction cmd()\n{\n local_var buf;\n local_var ret;\n\n if ( islocalhost() )\n\treturn pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", _FCT_ANON_ARGS[0]));\n\n ret = ssh_open_connection();\n if ( ! ret ) exit(0);\n buf = ssh_cmd(cmd:_FCT_ANON_ARGS[0]);\n ssh_close_connection();\n return buf;\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( \"Darwin\" >!< uname ) exit(0);\n\n\n#\n# Mac OS X < 10.4.7 is affected\n#\nif ( uname =~ \"Version 8\\.[0-6]\\.\" ) vulnerable();\n\n#\n# Mac OS X < 10.3.9 is affected\n#\nif ( uname =~ \"Version 7\\.[0-8]\\.\" ) vulnerable();\n\n\n\nget_build = \"system_profiler SPSoftwareDataType\";\nhas_airport = \"system_profiler SPAirPortDataType\";\natheros = GetBundleVersionCmd(file:\"AirPortAtheros5424.kext\", path:\"/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/\");\nbroadcom = GetBundleVersionCmd(file:\"AppleAirPortBrcm4311.kext\", path:\"/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/\");\n\n\n\nbuild = cmd(get_build);\nairport = cmd(has_airport);\nif ( \"Wireless Card Type: AirPort\" >!< airport ) exit(0); # No airport card installed\n\n#\n# AirPort Update 2006-001\n#\t-> Mac OS X 10.4.7 Build 8J2135 and 8J2135a\n#\nif ( egrep(pattern:\"System Version: Mac OS X 10\\.4\\.7 \\(8J2135a?\", string:build) )\n{\n atheros_version = cmd(atheros);\n broadcom_version = cmd(broadcom);\n if ( atheros_version =~ \"^1\\.\" )\n\t{\n\t v = split(atheros_version, sep:'.', keep:FALSE);\n\t if ( int(v[0]) == 1 && int(v[1]) == 0 && int(v[2]) < 5 ) vulnerable();\n\t}\n if ( broadcom =~ \"^1\\.\" )\n\t{\n\t v = split(broadcom_version, sep:'.', keep:FALSE);\n\t if ( int(v[0]) == 1 && int(v[1]) == 0 && int(v[2]) < 4 ) vulnerable();\n\t}\n}\n#\n# Mac OS X Security Update 2006-005 (Tiger)\n#\t-> Mac OS X 10.4.7 build 8J135\n#\t-> Mac OS X 10.3.9 build 7W98\n#\nelse if ( egrep(pattern:\"System Version: Mac OS X 10\\.4\\.7 \\(8J135\", string:build) ||\n egrep(pattern:\"System Version: Mac OS X 10\\.3\\.9 \", string:build) )\n{\n cmd = GetBundleVersionCmd(file:\"/AppleAirPort2.kext\", path:\"/System/Library/Extensions\");\n airport_version = cmd(cmd);\n if ( airport_version =~ \"^4\\. \" )\n {\n\t v = split(atheros_version, sep:'.', keep:FALSE);\n\t if ( int(v[0]) == 4 && int(v[1]) == 0 && int(v[2]) < 5 ) vulnerable();\n }\n}\n\n\nif ( ! islocalhost() ) ssh_close_connection();\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
