AirPort Extreme Update 2007-002
Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: Attackers on the wireless network may cause system crashes
Description: An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue.
The security fix described above (CVE-2006-6292) was originally released in AirPort Extreme Update 2007-001. The identical fix is also present in AirPort Extreme Update 2007-002, which contains an additional non-security fix for a compatibility issue when using certain third-party access points configured to use WEP. Systems which installed AirPort Extreme Update 2007-001 are correctly patched for CVE-2006-6292. Installing AirPort Extreme Update 2007-002 is recommended to obtain the additional compatibility fix. Affected systems that have not yet applied AirPort Extreme Update 2007-001 should apply AirPort Extreme Update 2007-002.