Menu

Database

Marvell EAPOL-Key Length Overflow

WVE ID: WVE-2008-0009

Type: Vulnerability

Status: Candidate

Classification:
Input Manipulation

Description:
Some versions of the Marvell wireless driver used in access points such as the Netgear WN802T do not correctly validate the EAPOL key fields.

Discussion:
A malicious EAPOL-Key packet with an invalid advertised length can trigger a denial of service or possible code execution. This can only be achieved after a successful 802.11 association exchange.

Credits
Author: Laurent Butti (laurent.butti@orange-ftgroup.com) : Orange FT
Author: Julien Tinnes (julien.tinnes@orange-ftgroup.com) : Orange-FT

References
URL: http://www.securityfocus.com/archive/1/495982

Released: 2008-09-04

Submitter
: None

Submitted: Mon Sep 15 07:11:05 -0700 2008

Candidate Date: Wed Sep 17 12:28:16 -0700 2008


Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008
Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008
Auto Immune Attack
WVE-2008-0011 9/17/2008
Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008
Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008
Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008
Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...