Sign-up

ID

VAR-200609-0015


CVE

CVE-2006-3508


TITLE

Apple AirPort wireless drivers vulnerable to integer overflow

Trust: 0.8

sources: CERT/CC: VU#563492

DESCRIPTION

Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. The Apple Mac OS X AirPort wireless driver is prone to multiple buffer-overflow vulnerabilities because it fails to perform sufficient bounds checking before copying data to finite-sized buffers. One of the issues allows code execution in the context of an application using the wireless API. This may lead to denial-of-service conditions or the complete compromise of the affected computer. Apple Mac OS X is the operating system used by the Apple family of machines. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Apple Airport Buffer Overflow and Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA22068 VERIFY ADVISORY: http://secunia.com/advisories/22068/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Some vulnerabilities have been reported in AirPort, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) Two boundary errors exist in the handling of malformed wireless network frames. The vulnerability affects the following products equipped with wireless: * Power Mac * PowerBook * iBook * iMac * Mac Pro * Xserve * PowerPC-based Mac mini 2) A boundary error exists in the AirPort wireless driver's handling of scan cache updates. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and may lead to a system crash, privilege elevation, or execution of arbitrary code with system privileges. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and could crash the application or lead to arbitrary code execution with privileges of the user running the application. Vulnerabilities #2 and #3 affect Intel-based Mac mini, MacBook, and MacBook Pro equipped with wireless and does not affect systems prior to Mac OS X v10.4. SOLUTION: Apply Security Update 2006-005 or AirPort Update 2006-001: http://www.apple.com/support/downloads/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=304420 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.23

sources: NVD: CVE-2006-3508 // CERT/CC: VU#563492 // CERT/CC: VU#589540 // CERT/CC: VU#867796 // JVNDB: JVNDB-2006-001023 // BID: 20144 // VULHUB: VHN-19616 // PACKETSTORM: 50232

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 2.4

vendor:applemodel:mac os x serverscope:eqversion:10.4.7

Trust: 1.6

vendor:applemodel:mac osscope:neversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.03

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:cosmicperlmodel:directory proscope:neversion:10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.0

Trust: 0.3

sources: CERT/CC: VU#563492 // CERT/CC: VU#589540 // CERT/CC: VU#867796 // BID: 20144 // JVNDB: JVNDB-2006-001023 // CNNVD: CNNVD-200609-377 // NVD: CVE-2006-3508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3508
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#563492
value: 21.94

Trust: 0.8

CARNEGIE MELLON: VU#589540
value: 20.48

Trust: 0.8

CARNEGIE MELLON: VU#867796
value: 20.48

Trust: 0.8

NVD: CVE-2006-3508
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200609-377
value: HIGH

Trust: 0.6

VULHUB: VHN-19616
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-3508
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-19616
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#563492 // CERT/CC: VU#589540 // CERT/CC: VU#867796 // VULHUB: VHN-19616 // JVNDB: JVNDB-2006-001023 // CNNVD: CNNVD-200609-377 // NVD: CVE-2006-3508

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3508

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200609-377

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200609-377

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001023

PATCH
title:APPLE-SA-2006-09-21url:http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001023

EXTERNAL IDS
db:CERT/CCid:VU#589540
Trust: 3.6
db:NVDid:CVE-2006-3508
Trust: 2.8
db:BIDid:20144
Trust: 2.0
db:SECUNIAid:22068
Trust: 1.8
db:VUPENid:ADV-2006-3737
Trust: 1.7
db:SECTRACKid:1016903
Trust: 1.7
db:CERT/CCid:VU#563492
Trust: 1.1
db:CERT/CCid:VU#867796
Trust: 1.1
db:JVNDBid:JVNDB-2006-001023
Trust: 0.8
db:CNNVDid:CNNVD-200609-377
Trust: 0.7
db:APPLEid:APPLE-SA-2006-09-21
Trust: 0.6
db:VULHUBid:VHN-19616
Trust: 0.1
db:PACKETSTORMid:50232
Trust: 0.1
sources:
            
            
            CERT/CC: VU#563492 // 
            
            
            
            CERT/CC: VU#589540 // 
            
            
            
            CERT/CC: VU#867796 // 
            
            
            
            VULHUB: VHN-19616 // 
            
            
            
            BID: 20144 // 
            
            
            
            JVNDB: JVNDB-2006-001023 // 
            
            
            
            PACKETSTORM: 50232 // 
            
            
            
            CNNVD: CNNVD-200609-377 // 
            
            
            
            NVD: CVE-2006-3508

REFERENCES
url:http://lists.apple.com/archives/security-announce/2006/sep/msg00001.html
Trust: 4.1
url:http://www.kb.cert.org/vuls/id/589540
Trust: 2.8
url:http://docs.info.apple.com/article.html?artnum=304420
Trust: 2.5
url:http://www.securityfocus.com/bid/20144
Trust: 1.7
url:http://securitytracker.com/id?1016903
Trust: 1.7
url:http://secunia.com/advisories/22068
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/3737
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3508
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3508
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2006/3737
Trust: 0.6
url:http://www.apple.com/airport/
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/563492
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/867796
Trust: 0.3
url:http://docs.info.apple.com/article.html?artnum=61798
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/quality_assurance_analyst/
Trust: 0.1
url:http://www.apple.com/support/downloads/
Trust: 0.1
url:http://secunia.com/product/96/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/22068/
Trust: 0.1
url:http://secunia.com/web_application_security_specialist/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#563492 // 
            
            
            
            CERT/CC: VU#589540 // 
            
            
            
            CERT/CC: VU#867796 // 
            
            
            
            VULHUB: VHN-19616 // 
            
            
            
            BID: 20144 // 
            
            
            
            JVNDB: JVNDB-2006-001023 // 
            
            
            
            PACKETSTORM: 50232 // 
            
            
            
            CNNVD: CNNVD-200609-377 // 
            
            
            
            NVD: CVE-2006-3508

CREDITS
Apple
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200609-377

SOURCES
db:CERT/CCid:VU#563492
db:CERT/CCid:VU#589540
db:CERT/CCid:VU#867796
db:VULHUBid:VHN-19616
db:BIDid:20144
db:JVNDBid:JVNDB-2006-001023
db:PACKETSTORMid:50232
db:CNNVDid:CNNVD-200609-377
db:NVDid:CVE-2006-3508

LAST UPDATE DATE
2025-04-03T22:10:25.848000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#563492date:2006-11-01T00:00:00
db:CERT/CCid:VU#589540date:2006-09-22T00:00:00
db:CERT/CCid:VU#867796date:2006-11-01T00:00:00
db:VULHUBid:VHN-19616date:2011-03-08T00:00:00
db:BIDid:20144date:2007-09-18T23:50:00
db:JVNDBid:JVNDB-2006-001023date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200609-377date:2006-09-22T00:00:00
db:NVDid:CVE-2006-3508date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:CERT/CCid:VU#563492date:2006-09-22T00:00:00
db:CERT/CCid:VU#589540date:2006-09-22T00:00:00
db:CERT/CCid:VU#867796date:2006-09-22T00:00:00
db:VULHUBid:VHN-19616date:2006-09-21T00:00:00
db:BIDid:20144date:2006-09-21T00:00:00
db:JVNDBid:JVNDB-2006-001023date:2012-06-26T00:00:00
db:PACKETSTORMid:50232date:2006-09-22T18:46:32
db:CNNVDid:CNNVD-200609-377date:2006-09-21T00:00:00
db:NVDid:CVE-2006-3508date:2006-09-21T21:07:00