FreeBSD 802.11 Stack Overflow

WVE ID: WVE-2006-0004

Type: Vulnerability

Status: Candidate

Classification:
Input Manipulation

Description:
The 802.11 stack implemented in the FreeBSD 6.0 kernel is vulnerable to an integer overflow triggered by specially crafted beacon and probe response packets, leading to execution of arbitrary code at kernel level.

Discussion:
The length of the SSID tagged parameter in beacon and probe response packets was processed incorrectly, which could overflow the 8-bit size integer and result in an invalid memory copy. This could lead to execution of arbitrary code.
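The length handling a receiver needs for this element, as an added example (not FreeBSD's code or the SA-06:05 patch): the hypothetical `extract_ssid` helper walks the tagged parameters and rejects an SSID element whose declared length exceeds the 32-byte IEEE 802.11 maximum or runs past the received data. The sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0   /* element ID of the SSID tagged parameter */
#define SSID_MAX_LEN 32  /* longest SSID that IEEE 802.11 allows */

/* Hypothetical helper (not FreeBSD code): walk the tagged parameters of a
 * beacon or probe response body and copy out the SSID.
 * Returns the SSID length, -1 for a malformed element, -2 if no SSID is present. */
int extract_ssid(const uint8_t *ies, size_t ies_len, uint8_t out[SSID_MAX_LEN])
{
    size_t off = 0;

    while (ies_len - off >= 2) {          /* need an ID byte and a length byte */
        uint8_t id = ies[off];
        size_t len = ies[off + 1];        /* widen the 8-bit length before using it */
        off += 2;

        if (len > ies_len - off)          /* element runs past the received frame */
            return -1;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)       /* would overflow the destination buffer */
                return -1;
            memcpy(out, ies + off, len);
            return (int)len;
        }
        off += len;                       /* skip elements we do not care about */
    }
    return -2;
}

int main(void)
{
    /* Constructed sample: SSID "home" followed by a Supported Rates element. */
    const uint8_t good[] = { 0x00, 0x04, 'h', 'o', 'm', 'e', 0x01, 0x01, 0x82 };
    /* Constructed sample: SSID element declaring 255 bytes with 2 present. */
    const uint8_t bad[] = { 0x00, 0xFF, 'A', 'A' };
    uint8_t ssid[SSID_MAX_LEN];

    printf("good: %d\n", extract_ssid(good, sizeof good, ssid));
    printf("bad:  %d\n", extract_ssid(bad, sizeof bad, ssid));
    return 0;
}
```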

Credits
Author: Karl Janmar (karl@utopiafoundation.org)

References
URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch
URL: http://www.signedness.org/advisories/sps-0x1.txt
URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc
URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch.asc
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0226
URL: http://osvdb.org/displayvuln.php?osvdb_id=22537

Released: 2006-01-18

Submitter: None

Submitted: Wed Jan 18 10:49:33 -0800 2006

Candidate Date: Wed Jan 18 13:36:41 -0800 2006

