FreeBSD 802.11 Stack Overflow

WVE ID: WVE-2006-0004

Type: Vulnerability

Status: Candidate

Classification:
Input Manipulation

Description:
The 802.11 stack implemented in the FreeBSD 6.0 kernel is vulnerable to an integer overflow triggered by specially crafted beacon and probe response packets, leading to execution of arbitrary code at kernel level.

Discussion:
The length of the SSID tagged parameter in beacon and probe response packets was processed incorrectly, which could overflow an 8-bit size integer and result in an invalid memory copy. This could lead to execution of arbitrary code.
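The class of check that prevents this kind of bug, shown as an added example (this is not FreeBSD's code or the SA-06:05 patch): a tagged-parameter walker that widens the 8-bit length before doing arithmetic on it, verifies it against the bytes remaining in the frame, and enforces the 32-byte SSID maximum from 802.11 before copying. The names `parse_ssid` and `struct scan_entry` and the sample frames are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID of the SSID parameter */
#define SSID_MAX_LEN 32  /* maximum SSID length permitted by 802.11 */

struct scan_entry {      /* hypothetical fixed-size destination record */
    uint8_t ssid_len;
    uint8_t ssid[SSID_MAX_LEN];
};

/* Walk the tagged parameters of a beacon/probe response body.
 * Returns 0 on success, -1 if the frame is malformed and must be dropped. */
int parse_ssid(const uint8_t *ies, size_t ies_len, struct scan_entry *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));
    while (off < ies_len) {
        if (ies_len - off < 2)
            return -1;              /* truncated id/length header */
        uint8_t id = ies[off];
        size_t len = ies[off + 1];  /* widen before any arithmetic */
        off += 2;
        if (len > ies_len - off)
            return -1;              /* element claims more than remains */
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)
                return -1;          /* would overrun the fixed buffer */
            memcpy(out->ssid, ies + off, len);
            out->ssid_len = (uint8_t)len;
        }
        off += len;
    }
    return 0;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t good_ies[] = { 0x00, 0x04, 'h', 'o', 'm', 'e', 0x01, 0x01, 0x82 };
static const uint8_t long_ies[40] = { 0x00, 0x26 };       /* SSID length 38 > 32 */
static const uint8_t short_ies[] = { 0x00, 0xff, 'a', 'b' }; /* length past end */

int main(void)
{
    struct scan_entry e;
    return !(parse_ssid(good_ies, sizeof(good_ies), &e) == 0 &&
             parse_ssid(long_ies, sizeof(long_ies), &e) == -1 &&
             parse_ssid(short_ies, sizeof(short_ies), &e) == -1);
}
```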

Credits
Author: Karl Janmar (karl@utopiafoundation.org)

References
URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch
URL: http://www.signedness.org/advisories/sps-0x1.txt
URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc
URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch.asc
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0226
URL: http://osvdb.org/displayvuln.php?osvdb_id=22537

Released: 2006-01-18

Submitter
: None

Submitted: Wed Jan 18 10:49:33 -0800 2006

Candidate Date: Wed Jan 18 13:36:41 -0800 2006

