[Full-Disclosure] Apple Airport WDS DoS

 Thock.com
 Security Advisory

Problem: Apple AirPort WDS DoS
Affected devices: AirPort Extreme and Airport Express.
Severity: Denial of service.
Author: Dylan Griffiths <[email protected]>
Vendor Status: Fix available.

Overview:

Apple's AirPort devices are wireless access points, providing
802.11 services to network clients. One popular configuration is the
WDS which causes each access point to act like a physical port on a
virtual switch, forwarding packets between two or more wired segments of
a network.

Details:

When configured in a WDS, Apple's Airport Extreme and Express
basestations can be made to crash when UDP port 161 is connected to, and
then a link-state change occurs. The software responsible for bridging
packets between the wired and wireless sides will stop responding, and
the entire device will lock up (the status lights will not indicate an
error). This occurs on both the wired and wireless interfaces of the
device.

Vendor Response:

New firmware has been released for both devices. Update your
WDS-enabled networks to the latest firmware as soon as possible. Special
thanks to John Clecak at Apple for working with me to isolate and
correct this bug!

Airport Express 6.1.1 firmware
MacOSX:
http://www.apple.com/support/downloads/airportexpressfirmware611formacosx.html
Windows:
http://www.apple.com/support/downloads/airportexpressfirmware611forwindows.html

Airport Extreme 5.5.1 firmware
MacOSX:
http://www.apple.com/support/downloads/airportextremefirmware551formacosx.html
Windows:
http://www.apple.com/support/downloads/airportextremefirmware551forwindows.html