=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN024
_____________________________________________________________________

DATE                      : 26/01/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Mac OS X running Airport Extreme.

======================================================================

APPLE-SA-2007-01-25 AirPort Extreme Update 2007-001

AirPort Extreme Update 2007-001 is now available.  Along with other improvements 
(see release notes), it also addresses the
following security issue:

AirPort
CVE-ID:  CVE-2006-6292
Available for:  Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:  Attackers on the wireless network may cause system crashes
Description:  An out-of-bounds memory read may occur while handling wireless 
frames. An attacker in local proximity may be able to
trigger a system crash by sending a maliciously-crafted frame to an affected 
system. This issue affects the Core Duo version of Mac
mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, 
including the Core 2 Duo versions are not affected.
This update addresses the issue by performing additional validation of wireless 
frames. Credit to LMH for reporting this issue.

AirPort Extreme Update 2007-001 may be obtained from the Software Update pane in 
System Preferences, or Apple's Software Downloads
web
site: http://www.apple.com/support/downloads/

The download file is named:  "AirPortExtremeUpdate2007001.dmg"
Its SHA-1 digest is:  3e2e2ee7d167008e709a454dad41c3547a5153ad

Information will also be posted to the Apple Security Updates web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are 
available at:
http://www.apple.com/support/security/pgp/

======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================