漏洞信息详情
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple AirPort FTP端口转发绕过安全限制漏洞
- CNNVD编号:CNNVD-201003-156
- 危害等级: 中危
- CVE编号: CVE-2010-0962
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2010-03-10
- 威胁类型: 远程
- 更新时间: 2010-03-12
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: Sabahattin Gucukog...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple AirPort设备是一款无线访问接入点,可为网络客户端提供802.11服务。
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple AirPort等无线产品中内嵌的FTP代理服务器没有限制客户端在PORT命令中所指定的IP地址和端口,这允许远程攻击者利用内网FTP服务器转发任意TCP。
这个漏洞直接的影响是对于向内部客户端提供NAT的Airpor产品,能够访问这些产品外部所转发FTP端口的用户可以通过向任意地址和端口发送数据在NAT内执行FTP服务器操作。
漏洞公告
目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/
参考网址
来源: XF
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-ftpproxy-security-bypass(56701)
链接:http://xforce.iss.net/xforce/xfdb/56701
来源: BID
名称: 38543
链接:http://www.securityfocus.com/bid/38543
来源: BUGTRAQ
名称: 20100309 Re: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
链接:http://www.securityfocus.com/archive/1/archive/1/509974/100/0/threaded
来源: BUGTRAQ
名称: 20100304 CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
链接:http://www.securityfocus.com/archive/1/archive/1/509867/100/0/threaded
来源: FULLDISC
名称: 20100304 CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
链接:http://seclists.org/fulldisclosure/2010/Mar/106
来源:NSFOCUS 名称:14622 链接:http://www.nsfocus.net/vulndb/14622
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Airport_express:7.5
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Airport_extreme:7.5
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Time_capsule:7.5
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论