Details of VAR-200803-0231

ID

VAR-200803-0231

CVE

CVE-2008-1012

TITLE

Apple AirPort Extreme Base Station AFP Request Denial of Service Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2008-1536 // BID: 28348 // CNNVD: CNNVD-200803-329

DESCRIPTION

Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation.". Apple AirPort Extreme Base Station is a small wireless access solution. Apple AirPort Extreme Base Station has a vulnerability in processing malformed requests. If a special AFP request is sent to the device, file sharing will become unresponsive. AirPort Extreme running firmware versions prior to 7.3.1 are affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. SOLUTION: Update to one of the following firmware versions: * AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1 * AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1 PROVIDED AND/OR DISCOVERED BY: The vendor credits Alex deVries. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT1226 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2008-1012 // JVNDB: JVNDB-2008-002778 // CNVD: CNVD-2008-1536 // BID: 28348 // VULHUB: VHN-31137 // PACKETSTORM: 64802

AFFECTED PRODUCTS

vendor:	apple	model:	airport extreme base station	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	airport extreme base station	scope:	eq	version:	firmware 7.3.1	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	airport extreme base station	scope:	eq	version:	7.3.1_firmware	Trust: 0.6
vendor:	apple	model:	airport extreme	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	eq	version:	5.7	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	eq	version:	5.5	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	ne	version:	7.3.1	Trust: 0.3

sources: CNVD: CNVD-2008-1536 // BID: 28348 // JVNDB: JVNDB-2008-002778 // CNNVD: CNNVD-200803-329 // NVD: CVE-2008-1012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-1012
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-1012
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200803-329
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-31137
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-1012
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-31137
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31137 // JVNDB: JVNDB-2008-002778 // CNNVD: CNNVD-200803-329 // NVD: CVE-2008-1012

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-31137 // JVNDB: JVNDB-2008-002778 // NVD: CVE-2008-1012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-329

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200803-329

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002778

PATCH

title:

APPLE-SA-2008-03-19

url:

http://lists.apple.com/archives/security-announce/2008/Mar/msg00002.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-002778

EXTERNAL IDS

db:	NVD	id:	CVE-2008-1012	Trust: 3.4
db:	BID	id:	28348	Trust: 2.0
db:	SECUNIA	id:	29447	Trust: 1.8
db:	VUPEN	id:	ADV-2008-0955	Trust: 1.7
db:	SECTRACK	id:	1019678	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-002778	Trust: 0.8
db:	CNNVD	id:	CNNVD-200803-329	Trust: 0.7
db:	CNVD	id:	CNVD-2008-1536	Trust: 0.6
db:	XF	id:	41325	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2008-03-19	Trust: 0.6
db:	VULHUB	id:	VHN-31137	Trust: 0.1
db:	PACKETSTORM	id:	64802	Trust: 0.1

sources: CNVD: CNVD-2008-1536 // VULHUB: VHN-31137 // BID: 28348 // JVNDB: JVNDB-2008-002778 // PACKETSTORM: 64802 // CNNVD: CNNVD-200803-329 // NVD: CVE-2008-1012

REFERENCES

url:	http://support.apple.com/kb/ht1226	Trust: 2.1
url:	http://lists.apple.com/archives/security-announce/2008/mar/msg00002.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/28348	Trust: 1.7
url:	http://www.securitytracker.com/id?1019678	Trust: 1.7
url:	http://secunia.com/advisories/29447	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2008/0955/references	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/41325	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1012	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1012	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/41325	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/0955/references	Trust: 0.6
url:	http://www.apple.com/airportextreme/	Trust: 0.3
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/4504/	Trust: 0.1
url:	http://secunia.com/advisories/29447/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-31137 // BID: 28348 // JVNDB: JVNDB-2008-002778 // PACKETSTORM: 64802 // CNNVD: CNNVD-200803-329 // NVD: CVE-2008-1012

CREDITS

Alex deVries

Trust: 0.9

sources: BID: 28348 // CNNVD: CNNVD-200803-329

SOURCES

db:	CNVD	id:	CNVD-2008-1536
db:	VULHUB	id:	VHN-31137
db:	BID	id:	28348
db:	JVNDB	id:	JVNDB-2008-002778
db:	PACKETSTORM	id:	64802
db:	CNNVD	id:	CNNVD-200803-329
db:	NVD	id:	CVE-2008-1012

LAST UPDATE DATE

2025-04-10T23:07:15.945000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2008-1536	date:	2008-03-20T00:00:00
db:	VULHUB	id:	VHN-31137	date:	2017-08-08T00:00:00
db:	BID	id:	28348	date:	2008-03-20T21:30:00
db:	JVNDB	id:	JVNDB-2008-002778	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200803-329	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-1012	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2008-1536	date:	2008-03-20T00:00:00
db:	VULHUB	id:	VHN-31137	date:	2008-03-20T00:00:00
db:	BID	id:	28348	date:	2008-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2008-002778	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	64802	date:	2008-03-21T22:30:18
db:	CNNVD	id:	CNNVD-200803-329	date:	2008-03-20T00:00:00
db:	NVD	id:	CVE-2008-1012	date:	2008-03-20T10:44:00