Details of VAR-200608-0511

ID

VAR-200608-0511

CVE

CVE-2006-4022

TITLE

Drivers for the Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability

Trust: 0.8

sources: CERT/CC: VU#824500

DESCRIPTION

Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. Microsoft Windows drivers for Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Intel PRO/Wireless 2100 versions prior to 7.1.4.6 with driver version 1.2.4.37 for Windows are vulnerable

Trust: 2.7

sources: NVD: CVE-2006-4022 // CERT/CC: VU#824500 // JVNDB: JVNDB-2006-000932 // BID: 19299 // VULHUB: VHN-20130

AFFECTED PRODUCTS

vendor:	intel	model:	2100 proset wireless	scope:	eq	version:	7.1.4.5	Trust: 1.6
vendor:	intel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	pro/wireless 2100	scope:	eq	version:	2100 network connection equipped with windows system	Trust: 0.8
vendor:	intel	model:	pro/wireless	scope:	eq	version:	21007	Trust: 0.3
vendor:	intel	model:	pro/wireless driver	scope:	ne	version:	21007.1.4.61.2.4	Trust: 0.3

sources: CERT/CC: VU#824500 // BID: 19299 // JVNDB: JVNDB-2006-000932 // CNNVD: CNNVD-200608-107 // NVD: CVE-2006-4022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4022
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#824500
value:	0.43
Trust: 0.8
NVD:	CVE-2006-4022
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200608-107
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-20130
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4022
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-20130
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#824500 // VULHUB: VHN-20130 // JVNDB: JVNDB-2006-000932 // CNNVD: CNNVD-200608-107 // NVD: CVE-2006-4022

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4022

THREAT TYPE

local

Trust: 0.9

sources: BID: 19299 // CNNVD: CNNVD-200608-107

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200608-107

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000932

PATCH

title:	NV06-004	url:	http://www.nec.co.jp/security-info/secinfo/nv06-004.html	Trust: 0.8
title:	info222	url:	http://vcl.vaio.sony.co.jp/notices/security/info222.html	Trust: 0.8
title:	2006/08/01	url:	http://www.fmworld.net/biz/common/intel/wlan.html	Trust: 0.8
title:	info0608111	url:	http://www.hitachi.co.jp/Prod/comp/OSD/pc/flora/information/info0608111.html	Trust: 0.8

sources: JVNDB: JVNDB-2006-000932

EXTERNAL IDS

db:	CERT/CC	id:	VU#824500	Trust: 3.3
db:	BID	id:	19299	Trust: 2.8
db:	NVD	id:	CVE-2006-4022	Trust: 2.8
db:	SECTRACK	id:	1016621	Trust: 2.5
db:	VUPEN	id:	ADV-2006-3099	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-000932	Trust: 0.8
db:	CNNVD	id:	CNNVD-200608-107	Trust: 0.7
db:	VULHUB	id:	VHN-20130	Trust: 0.1

sources: CERT/CC: VU#824500 // VULHUB: VHN-20130 // BID: 19299 // JVNDB: JVNDB-2006-000932 // CNNVD: CNNVD-200608-107 // NVD: CVE-2006-4022

REFERENCES

url:	http://www.securityfocus.com/bid/19299	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/824500	Trust: 2.5
url:	http://securitytracker.com/id?1016621	Trust: 2.5
url:	http://support.intel.com/support/wireless/wlan/pro2100/sb/cs-023067.htm	Trust: 2.0
url:	http://www.frsirt.com/english/advisories/2006/3099	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2006/3099	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4022	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu%23824500/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4022	Trust: 0.8
url:	http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm	Trust: 0.3

sources: CERT/CC: VU#824500 // VULHUB: VHN-20130 // BID: 19299 // JVNDB: JVNDB-2006-000932 // CNNVD: CNNVD-200608-107 // NVD: CVE-2006-4022

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 19299

SOURCES

db:	CERT/CC	id:	VU#824500
db:	VULHUB	id:	VHN-20130
db:	BID	id:	19299
db:	JVNDB	id:	JVNDB-2006-000932
db:	CNNVD	id:	CNNVD-200608-107
db:	NVD	id:	CVE-2006-4022

LAST UPDATE DATE

2024-08-14T14:00:14.269000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#824500	date:	2007-06-01T00:00:00
db:	VULHUB	id:	VHN-20130	date:	2011-03-08T00:00:00
db:	BID	id:	19299	date:	2016-07-05T21:23:00
db:	JVNDB	id:	JVNDB-2006-000932	date:	2008-11-21T00:00:00
db:	CNNVD	id:	CNNVD-200608-107	date:	2006-08-09T00:00:00
db:	NVD	id:	CVE-2006-4022	date:	2011-03-08T02:40:15.673

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#824500	date:	2006-08-18T00:00:00
db:	VULHUB	id:	VHN-20130	date:	2006-08-09T00:00:00
db:	BID	id:	19299	date:	2006-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2006-000932	date:	2008-11-21T00:00:00
db:	CNNVD	id:	CNNVD-200608-107	date:	2006-08-08T00:00:00
db:	NVD	id:	CVE-2006-4022	date:	2006-08-09T00:04:00