>> Apple AirPort Extreme Base Station Security Bypass and Information Disclosure Issues
Title : Apple AirPort Extreme Base Station Security Bypass and Information Disclosure Issues VUPEN ID : VUPEN/ADV-2007-1308 CVE ID : CVE-2007-0734 - CVE-2007-1338
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-04-10
Technical Description
Two vulnerabilities have been identified in AirPort Extreme Base Station (802.11n), which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information.
The first issue is caused by a design error within the default configuration that allows incoming IPv6 connections and traffic to the local network, which may expose network services on hosts connected through a vulnerable station.
The second vulnerability is caused by an error in the AirPort Disk feature that fails to properly validate access requests, which could be exploited by attackers on the local network to view filenames (but not their contents) on a password-protected disk without providing a password.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
