Vulnerabilities > CVE-2013-5132 - Numeric Errors vulnerability in Apple Airport Base Station Firmware

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

high complexity

apple

CWE-189

nessus

NVD

Published: 2013-09-08

Updated: 2013-09-18

Summary

Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple Airport Base Station Firmware 7.3.2 Apple Airport Base Station Firmware 7.4.1 Apple Airport Base Station Firmware 7.4.2 Apple Airport Base Station Firmware 7.5.2 Apple Airport Base Station Firmware 7.6 Apple Airport Base Station Firmware 7.6.1 Apple Airport Base Station Firmware 7.6.2 Apple Airport Base Station Firmware 7.6.3	8

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Misc.
NASL id	AIRPORT_FIRMWARE_7_6_4.NASL
description	According to the firmware version collected via SNMP, the remote AirPort Extreme Base Station / AirPort Express Base Station / Apple Time Capsule reportedly does not properly parse small frames with incorrect lengths. An associated client might be able to leverage this vulnerability to cause a termination of the base station system.
last seen	2020-06-01
modified	2020-06-02
plugin id	69817
published	2013-09-09
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/69817
title	Apple AirPort Base Station (802.11n) Firmware < 7.6.4 Remote DoS (APPLE-SA-2013-09-06-1)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69817); script_version("1.4"); script_cvs_date("Date: 2019/11/27"); script_cve_id("CVE-2013-5132"); script_bugtraq_id(62262); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-06-1"); script_name(english:"Apple AirPort Base Station (802.11n) Firmware < 7.6.4 Remote DoS (APPLE-SA-2013-09-06-1)"); script_summary(english:"Checks firmware version through SNMP"); script_set_attribute(attribute:"synopsis", value: "The remote network device is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to the firmware version collected via SNMP, the remote AirPort Extreme Base Station / AirPort Express Base Station / Apple Time Capsule reportedly does not properly parse small frames with incorrect lengths. An associated client might be able to leverage this vulnerability to cause a termination of the base station system."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT202800"); script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2013/Sep/msg00000.html"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/528462/30/0/threaded"); script_set_attribute(attribute:"solution", value: "Upgrade the firmware to version 7.6.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5132"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/06"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("snmp_airport_version.nasl"); script_require_keys("Host/Airport/Firmware", "SNMP/community"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("Host/Airport/Firmware"); fixed_version = "7.6.4"; if ( ver_compare(ver:version, fix:"7.0.0", strict:FALSE) >= 0 && ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1 ) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else exit(0, "The host is not affected since firmware version " + version + " is installed.");

Seebug

bulletinFamily	exploit
description	CVE(CAN) ID: CVE-2013-5132 Apple Time Capsule是无线的附加到网络的存储设备，组合了Apple生产的无线内置网关路由。Apple AirPort Extreme是针对家庭、学校和小型企业的无线解决方案。 Apple AirPort、Time Capsule 7.6.4之前版本在处理帧时存在错误，本地攻击者发送长度不正确的特制小帧，利用此漏洞可造成意外基站系统中断，导致拒绝服务。 0 Apple Time Capsule < 7.6.4 Apple AirPort Express Firmware < 7.6.4 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.apple.com/support/downloads/
id	SSV:60998
last seen	2017-11-19
modified	2013-09-13
published	2013-09-13
reporter	Root
title	Apple AirPort / Time Capsule 帧处理拒绝服务漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Seebug

References