FTP Command Vulnerability in Apple AirPort Devices
CVE-2010-0039

Currently unrated

Key Information:

Vendor: Apple
Status: Airport Express Base Station Firmware; Airport Extreme Base Station Firmware; Airport Express; Airport Extreme
Vendor: CVE Published:; 22 December 2010

Summary

An issue in the Application-Level Gateway (ALG) of Apple AirPort devices allows unauthorized modification of FTP PORT commands. This could enable remote attackers to leverage the device's IP address to route arbitrary TCP traffic within the intranet, provided they have write access to an FTP server hosted within the network. Users are advised to upgrade to firmware version 7.5.2 or later to mitigate this risk.

References

http://lists.apple.com/archives/security-announce/2010//D...

vendor-advisoryx_refsource_APPLE

http://support.apple.com/kb/HT4298

x_refsource_CONFIRM

http://www.securitytracker.com/id?1024907

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 22, 2010
Vulnerability Reserved
Dec 15, 2009