Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Thu, 14 Dec 2017 15:43:43 +0100
Type : VULN
Sujet : CERT-Renater : 2017/VULN402 (APPLE : APPLE-SA-2017-12-12-2 -1 AirPort Base Station Firmware Update 7.6.9 and 7.7.9)
===================================================================
                              CERT-Renater

                 Note d'Information No. 2017/VULN402
_____________________________________________________________________

DATE                : 14/12/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): AirPort Base Station Firmware versions prior to
                                        7.6.9, 7.7.9.

=====================================================================
https://lists.apple.com/archives/security-announce/2017/Dec/msg00002.html
https://lists.apple.com/archives/security-announce/2017/Dec/msg00001.html
_____________________________________________________________________

APPLE-SA-2017-12-12-1 AirPort Base Station Firmware Update 7.6.9

AirPort Base Station Firmware Update 7.6.9 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and
AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and
AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Firmware version 7.6.9 is installed on AirPort Express, AirPort
Extreme, or AirPort Time Capsule base stations with 802.11n using
AirPort Utility for Mac or iOS.

AirPort Utility for Mac is a free download from
https://support.apple.com/downloads/ and AirPort Utility for iOS
is a free download from the App

_____________________________________________________________________

APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9

AirPort Base Station Firmware Update 7.7.9 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Firmware version 7.7.9 is installed on AirPort Extreme or
AirPort Time Capsule base stations with 802.11ac using
AirPort Utility for Mac or iOS.

AirPort Utility for Mac is a free download from
https://support.apple.com/downloads/ and AirPort Utility for iOS
is a free download from the App Store.


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================

[An attachment of type application/pkcs7-signature was included here]