===================================================================== CERT-Renater Note d'Information No. 2006/VULN001 _____________________________________________________________________ DATE : 05/01/2006 HARDWARE PLATFORM(S) : APPLE AirPort. OPERATING SYSTEM(S) : AirPort Express Firmware. ====================================================================== APPLE-SA-2006-01-05 AirPort firmware update The following AirPort firmware updates are available: AirPort Express Firmware Update 6.3 for Mac OS X AirPort Express Firmware Update 6.3 for Windows AirPort Extreme Firmware Update 5.7 for Mac OS X AirPort Extreme Firmware Update 5.7 for Windows They each provide a security enhancement for the following issue: CVE-ID: CVE-2005-3714 Impact: AirPort network interface becomes unresponsive Description: A malicious network attacker that can generate specially crafted packets may be able to cause an AirPort base station's network interface to stop responding normally, resulting in a denial-of-service. This update addresses the issue by discarding the malformed packets. Credit to Michael Zanetta of NETwork Security Consortium for reporting this issue. The AirPort updates may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ AirPort Express Firmware Update 6.3 for Mac OS X The download file is named: "AirPortExpressFWUpdater.dmg" Its SHA-1 digest is: 2d6a7c7b35e84fda44e52a7b994ed31a2f8e25d7 AirPort Express Firmware Update 6.3 for Windows The download file is named: "AirPortExpressFWUpdater.exe" Its SHA-1 digest is: d8ff8310ef19b5fc4f022091742578ca2cd664d6 AirPort Extreme Firmware Update 5.7 for Mac OS X The download file is named: "AirPortExtremeFWUpdater.dmg" Its SHA-1 digest is: 06f0e12b95f27b020e45f616317f8d9e97ca4f76 AirPort Extreme Firmware Update 5.7 for Windows The download file is named: "AirPortExtremeFWUpdater.exe" Its SHA-1 digest is: 05b39317a1388b85569e9be1333f85a0019edb39 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================