lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: dylang at thock.com (Dylan Griffiths) Subject: Apple Airport WDS DoS Thock.com Security Advisory Problem: Apple AirPort WDS DoS Affected devices: AirPort Extreme and Airport Express. Severity: Denial of service. Author: Dylan Griffiths <dylang@...ck.com> Vendor Status: Fix available. Overview: Apple's AirPort devices are wireless access points, providing 802.11 services to network clients. One popular configuration is the WDS which causes each access point to act like a physical port on a virtual switch, forwarding packets between two or more wired segments of a network. Details: When configured in a WDS, Apple's Airport Extreme and Express basestations can be made to crash when UDP port 161 is connected to, and then a link-state change occurs. The software responsible for bridging packets between the wired and wireless sides will stop responding, and the entire device will lock up (the status lights will not indicate an error). This occurs on both the wired and wireless interfaces of the device. Vendor Response: New firmware has been released for both devices. Update your WDS-enabled networks to the latest firmware as soon as possible. Special thanks to John Clecak at Apple for working with me to isolate and correct this bug! Airport Express 6.1.1 firmware MacOSX: http://www.apple.com/support/downloads/airportexpressfirmware611formacosx.html Windows: http://www.apple.com/support/downloads/airportexpressfirmware611forwindows.html Airport Extreme 5.5.1 firmware MacOSX: http://www.apple.com/support/downloads/airportextremefirmware551formacosx.html Windows: http://www.apple.com/support/downloads/airportextremefirmware551forwindows.html
Powered by blists - more mailing lists