WVE ID: WVE-2007-0001
Type: Vulnerability
Status: Candidate
Classification: Input Manipulation
Description:
A vulnerability exists in the Windows drivers for both the Intel 2200BG and 2915ABG PRO/Wireless chipsets which may allow remote code execution through malformed beacon frames with an overly long SSID information element.
Discussion:
Intel Centrino drivers version 9.0.3.9 for Windows contain a vulnerability that may allow a remote attacker to execute arbitrary code on vulnerable hosts. This vulnerability affects both Intel 2200BG and 2915ABG adapters.
The vulnerability is triggered by parsing 802.11 beacon frames with an overly long SSID information element which causes memory corruption on the target host. Because beacon frames are sent to the broadcast address, an attacker can compromise multiple hosts without targeting an individual station.
The Centrino 9.0.4.17 drivers resolve this vulnerability. It is believed but unconfirmed that all driver versions prior to 9.0.4.17 are vulnerable for the 2200BG and 2915ABG chipsets. Current proof-of-concept exploits trigger a DoS condition on vulnerable hosts; however, it is believed that remote code execution is possible.
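The bounds checks a beacon parser needs before copying an SSID are shown below as an added example. It is not Intel driver code and not part of the original entry. It assumes the IEEE 802.11 tagged-parameter layout (one ID byte, one length byte, then the data) and the standard's 32-byte SSID maximum. The function names, status codes and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_SSID      0   /* element ID of the SSID information element */
#define SSID_MAX_LEN 32  /* maximum SSID length in IEEE 802.11 */
enum { IE_OK = 0, IE_NO_SSID = -1, IE_TRUNCATED = -2, IE_SSID_TOO_LONG = -3 };

/* Constructed tagged-parameter samples (not captured traffic). */
static const uint8_t sample_ok[] = { 0x00, 4, 'c', 'o', 'r', 'p', 0x01, 1, 0x82 };
static const uint8_t sample_long[2 + 33] = { 0x00, 33 }; /* 33-byte SSID, zero-filled */
static const uint8_t sample_trunc[] = { 0x00, 8, 'a', 'b' }; /* claims 8 bytes, has 2 */

/* Walk the tagged parameters of a beacon body (the bytes after the 12-byte
 * fixed fields) and copy the SSID into out. Each length byte comes off the air,
 * so it is checked against the remaining frame and the destination size first. */
int extract_ssid(const uint8_t *ies, size_t ies_len,
                 uint8_t out[SSID_MAX_LEN], size_t *out_len)
{
    size_t off = 0;
    while (ies_len - off >= 2) {          /* need an ID byte and a length byte */
        uint8_t id = ies[off], len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)          /* element runs past the end of the frame */
            return IE_TRUNCATED;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)       /* longer than the standard allows: reject */
                return IE_SSID_TOO_LONG;
            memcpy(out, ies + off, len);  /* len <= SSID_MAX_LEN, so out cannot overflow */
            *out_len = len;
            return IE_OK;
        }
        off += len;                       /* skip elements other than the SSID */
    }
    return IE_NO_SSID;
}

/* Status-only wrapper (hypothetical helper) for callers that just validate. */
int ssid_status(const uint8_t *ies, size_t ies_len)
{
    uint8_t ssid[SSID_MAX_LEN];
    size_t n = 0;
    return extract_ssid(ies, ies_len, ssid, &n);
}

int main(void)
{
    return !(ssid_status(sample_ok, sizeof sample_ok) == IE_OK &&
             ssid_status(sample_long, sizeof sample_long) == IE_SSID_TOO_LONG &&
             ssid_status(sample_trunc, sizeof sample_trunc) == IE_TRUNCATED);
}
```

The same length test, applied to monitored beacon frames, gives a wireless IDS a simple rule: any SSID element whose length byte exceeds 32 is malformed and worth alerting on.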
Credits
Author: Jon Ellch : None
Author: Breno Silva Pinto : Open Communications Security
References
URL: http://www.securiteam.com/windowsntfocus/6B00D2KHPA.html
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6651
Released: 2006-12-19
Submitter: Joshua Wright (jwright@arubanetworks.com) : Aruba Networks
Submitted: Thu Jan 04 11:53:09 -0800 2007
Candidate Date: Thu Jan 04 12:05:23 -0800 2007

