Details of VAR-201309-0410

ID

VAR-201309-0410

CVE

CVE-2013-5132

TITLE

Apple AirPort Base Station Service operation interruption in firmware (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003995

DESCRIPTION

Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame. Apple Time Capsule is a wireless attached storage device that combines wireless built-in gateway routing from Apple. Apple AirPort Extreme is a wireless solution for home, school and small businesses. Apple AirPort and Time Capsule have errors in processing frames. An attacker can exploit this issue to cause an unexpected base station system termination, triggering a denial-of-service condition for legitimate users. The product supports streaming music and wireless printing. This issue was addressed by adding size checking to the parsing of small frames. It is recommended that AirPort Utility 6.3.1 be installed before upgrading to Firmware version 7.6.4 on OS X systems, and AirPort Utility 1.3.1 for iOS devices. AirPort Utility may be obtained through Apple's Software Download site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSKlQVAAoJEPefwLHPlZEwdt8P/jb/AXcjc7V1huYAj7Mm/SS/ pX3k45IqAivLJlsGaPZs0Hjt4MZVmuUkQ8DpS7ttdbBnbS3MzJIB0yIqFFx2GM+R 853vMV6GjBfc6jY1yXD/71jpv0b6f75YWKndOMPBjVRfamq2tlOoUXV4oKzkA22Q kypZIl8xr2AxTeiA+jOgzFo1UQXIEk/dvAr98wsL7nbpTHFLHSpXYvN8qpXpbExT YS3e5p/QAYzm+Pcf97MCFrNyhLs1WhdZ47Ddu6CZuwZv+JmxMtQKVIa7TvFKVfa8 KJvFumYxCHh2ZkQfz+GcTn5RlFYPeq63VwSTq//bEx/BYhB7SKbf4JXSJfpz4IFz 514rS6WGKULDDjltWAADG8WOhbnWMxDCKvYQwT1C8yTqVDKnYJhiXofyb/lkvSUR OViCT6LTS5RfjWCzrIPYk+wajSEadb8V65N8wD3gAimfbv2oIf16ZljAxCNzp6jG XdrXRyLhPwN920AdtA7pVDtgWWmbxi536EAeWyppYn9RDsraAp/FZn0SStMTYYdE oUNvJ5onHSES+SYI6ITfXfSXTI9rY7kcyY51hcs5v2H+LOxNOQglLroi77GM5nMB LbHUwxadaOFmYWIVGMD3MbDnJRNxActqWCnjA7nj66/5ceUxdy//gjz3zPfYeApb JnaDL/59/3H37zeaurXh =C6U1 -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2013-5132 // JVNDB: JVNDB-2013-003995 // CNVD: CNVD-2013-12934 // BID: 62262 // VULHUB: VHN-65134 // PACKETSTORM: 123134

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-12934

AFFECTED PRODUCTS

vendor:	apple	model:	airport base station	scope:	eq	version:	7.6	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.3.2	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.5.2	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.4.2	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.4.1	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.2	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.1	Trust: 1.6
vendor:	apple	model:	airport base station	scope:	lte	version:	7.6.3	Trust: 1.0
vendor:	apple	model:	airmac base station	scope:	lt	version:	7.6.4	Trust: 0.8
vendor:	apple	model:	airport express	scope:	lt	version:	7.6.4	Trust: 0.6
vendor:	apple	model:	time capsule	scope:	lt	version:	7.6.4	Trust: 0.6
vendor:	apple	model:	airport base station	scope:	eq	version:	7.6.3	Trust: 0.6
vendor:	apple	model:	time capsule	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	time capsule	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	apple	model:	time capsule	scope:	eq	version:	7.5	Trust: 0.3
vendor:	apple	model:	time capsule	scope:	eq	version:	7.4.2	Trust: 0.3
vendor:	apple	model:	time capsule	scope:	eq	version:	7.4.1	Trust: 0.3
vendor:	apple	model:	time capsule	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	airport extreme base station with 802.11n	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	apple	model:	airport extreme base station with 802.11n	scope:	eq	version:	7.4.1	Trust: 0.3
vendor:	apple	model:	airport express base station with 802.11n	scope:	eq	version:	7.6	Trust: 0.3
vendor:	apple	model:	airport express base station with 802.11n	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	apple	model:	airport express base station with 802.11n	scope:	eq	version:	7.4.1	Trust: 0.3
vendor:	apple	model:	time capsule	scope:	ne	version:	7.6.4	Trust: 0.3
vendor:	apple	model:	airport extreme base station with 802.11n	scope:	ne	version:	7.6.4	Trust: 0.3
vendor:	apple	model:	airport express base station with 802.11n	scope:	ne	version:	7.6.4	Trust: 0.3

sources: CNVD: CNVD-2013-12934 // BID: 62262 // JVNDB: JVNDB-2013-003995 // CNNVD: CNNVD-201309-042 // NVD: CVE-2013-5132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5132
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5132
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-12934
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201309-042
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65134
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5132
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-12934
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65134
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-12934 // VULHUB: VHN-65134 // JVNDB: JVNDB-2013-003995 // CNNVD: CNNVD-201309-042 // NVD: CVE-2013-5132

PROBLEMTYPE DATA

problemtype:	CWE-189	Trust: 1.1
problemtype:	CWE-119	Trust: 0.8

sources: VULHUB: VHN-65134 // JVNDB: JVNDB-2013-003995 // NVD: CVE-2013-5132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-042

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201309-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003995

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65134

PATCH

title:	APPLE-SA-2013-09-06-1	url:	http://lists.apple.com/archives/security-announce/2013/Sep/msg00000.html	Trust: 0.8
title:	HT5920	url:	http://support.apple.com/kb/HT5920	Trust: 0.8
title:	HT5920	url:	http://support.apple.com/kb/HT5920?viewlocale=ja_JP	Trust: 0.8
title:	Patch for Apple AirPort / Time Capsule Frame Handling Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/39422	Trust: 0.6

sources: CNVD: CNVD-2013-12934 // JVNDB: JVNDB-2013-003995

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5132	Trust: 3.5
db:	BID	id:	62262	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003995	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-042	Trust: 0.7
db:	SECUNIA	id:	54733	Trust: 0.6
db:	CNVD	id:	CNVD-2013-12934	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2013-09-06-1	Trust: 0.6
db:	PACKETSTORM	id:	123134	Trust: 0.2
db:	VULHUB	id:	VHN-65134	Trust: 0.1

sources: CNVD: CNVD-2013-12934 // VULHUB: VHN-65134 // BID: 62262 // JVNDB: JVNDB-2013-003995 // PACKETSTORM: 123134 // CNNVD: CNNVD-201309-042 // NVD: CVE-2013-5132

REFERENCES

url:	http://support.apple.com/kb/ht5920	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2013/sep/msg00000.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5132	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5132	Trust: 0.8
url:	http://secunia.com/advisories/54733/	Trust: 0.6
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5132	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1

sources: CNVD: CNVD-2013-12934 // VULHUB: VHN-65134 // BID: 62262 // JVNDB: JVNDB-2013-003995 // PACKETSTORM: 123134 // CNNVD: CNNVD-201309-042 // NVD: CVE-2013-5132

CREDITS

Joonas Kuorilehto of Codenomicon

Trust: 0.3

sources: BID: 62262

SOURCES

db:	CNVD	id:	CNVD-2013-12934
db:	VULHUB	id:	VHN-65134
db:	BID	id:	62262
db:	JVNDB	id:	JVNDB-2013-003995
db:	PACKETSTORM	id:	123134
db:	CNNVD	id:	CNNVD-201309-042
db:	NVD	id:	CVE-2013-5132

LAST UPDATE DATE

2025-04-11T23:09:50.021000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-12934	date:	2013-09-11T00:00:00
db:	VULHUB	id:	VHN-65134	date:	2013-09-18T00:00:00
db:	BID	id:	62262	date:	2013-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-003995	date:	2013-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201309-042	date:	2013-09-09T00:00:00
db:	NVD	id:	CVE-2013-5132	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-12934	date:	2013-09-11T00:00:00
db:	VULHUB	id:	VHN-65134	date:	2013-09-08T00:00:00
db:	BID	id:	62262	date:	2013-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-003995	date:	2013-09-10T00:00:00
db:	PACKETSTORM	id:	123134	date:	2013-09-07T19:31:24
db:	CNNVD	id:	CNNVD-201309-042	date:	2013-09-09T00:00:00
db:	NVD	id:	CVE-2013-5132	date:	2013-09-08T03:17:39.733