Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2006-0064
Type: Vulnerability
Status: Candidate
Classification:
Denial of Service
Input Manipulation
Description:
Many varieties of legacy wireless LAN IEEE 802.11b cards are vulnerable to a persistent DoS attack condition when processing malformed probe response frames. This flaw in the firmware of wireless cards allows an attacker to mount a more effective DoS attack against vulnerable stations, often requiring a reboot for the target station to recover.
Discussion:
Legacy IEEE 802.11b wireless LAN cards based on the Choice MAC (Intersil and legacy Lucent/Agere/Orinoco cards including Apple Airport cards) are vulnerable to a flaw in the processing of malformed probe response frames. When vulnerable cards receive a probe response frame with the SSID information element set to the broadcast value, the cards become inoperable until they have been power-cycled.
Credits
Author:
Joshua
Wright
(jwright@arubanetworks.com)
: Aruba Networks
Author:
Seng Ooh
Too
: None
Author:
Mike
Kershaw
(mkershaw@arubanetworks.com)
: Aruba Networks
References
URL:
http://802.11ninja.net/papers/firmware_attack.pdf
Released: 2006-09-29
Submitter
Joshua
Wright
(jwright@arubanetworks.com)
: Aruba Networks
Submitted: Fri Sep 29 08:08:09 -0700 2006
Candidate Date: Fri Sep 29 08:09:10 -0700 2006
