Focus on Apple
Apple Releases Apple TV Security Update 1.1 Jun 20 2007 04:48PM
Todd Woodward (todd_woodward symantec com)
As always, more detailed information can be obtained from Apple's Knowledge Base document:

A clip from the document:

CVE-ID: CVE-2007-2386

Impact: A remote attacker may be able to cause a denial of service or arbitrary code execution

Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Apple TV implementation. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. Credit to Michael Lynn of Juniper Networks for reporting this issue.


Security Response Researcher
Focus-Apple Moderator
Todd D. Woodward
Technical Support Engineer
Data Center Management Group
Symantec Corporation
Office: 541-335-7441
