CVE-2010-0962

Name of the Vulnerable Software and Affected Versions Apple AirPort Express, AirPort Extreme, and Time Capsule version 7.5

Description The issue concerns the FTP proxy server, which does not properly restrict IP addresses and ports specified in a PORT command from a client. This allows remote attackers to use intranet FTP servers for arbitrary TCP forwarding by crafting a PORT command.

Recommendations For Apple AirPort Express, AirPort Extreme, and Time Capsule version 7.5, consider restricting access to the FTP proxy server until a fix is available. As a temporary workaround, restrict the use of the PORT command to minimize the risk of exploitation.