Apple Airport Driver Remote Code Execution Vulnerability

WVE ID: WVE-2006-0067

Type: Vulnerability

Status: Candidate

Classification:
Input Manipulation

Description:
The driver for Apple's Airport wireless cards that use an ORiNOCO chipset is vulnerable to memory corruption, which can lead to execution of arbitrary code.

Discussion:
Apple's Airport products released prior to the introduction of the Airport Extreme product line used the ORiNOCO 802.11b chipset. A vulnerability in the driver for these devices can allow a remote attacker to corrupt kernel memory and execute arbitrary code on the affected system.

The vulnerability stems from improper handling of malformed probe response frames. An attacker can therefore send such a frame carrying a malicious payload and cause that payload to be executed.

Currently there is no patch for this issue. An exploit for it has been included in the 3.x series of Metasploit.

Credits
Author: H D Moore : Metasploit Project

References
BID: http://www.securityfocus.com/bid/20862
FULLDISC: http://seclists.org/fulldisclosure/2006/Nov/0008.html
URL: http://projects.info-pull.com/mokb/MOKB-01-11-2006.html
WVE: WVE-2006-0068

Released: 2006-11-01

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Fri Nov 03 10:37:02 -0800 2006

Candidate Date: Fri Nov 03 10:37:57 -0800 2006

