About the security content of AirPort Extreme Base Station Firmware 7.3.1
Summary
This document describes the security content of AirPort Extreme Base Station Firmware 7.3.1, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Products Affected
AirPort Extreme Base Station, Product Security
-
AirPort Extreme Base Station with 802.11n* Firmware Update 7.3.1
CVE-ID: CVE-2008-1012
Available for: AirPort Extreme Base Station with 802.11n*
Impact: A maliciously crafted AFP request may lead to a denial of service
Description: An input validation issue exists in the AirPort Extreme Base Station's handling of AFP requests, which may cause file sharing to become unresponsive. This update addresses the issue by performing additional validation of AFP requests. This issue does not affect Time Capsule or AirPort Express. Credit to Alex deVries for reporting this issue. The fix for this issue is available in the following separate updates:
- AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1
- AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1
(*) Based on an IEEE 802.11n draft specification