ID
VAR-200611-0467
CVE
CVE-2006-6125
TITLE
NetGear wireless driver fails to properly process specially-crafted 802.11 management frames
Trust: 0.8
DESCRIPTION
Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. Although the WG311v1ND5.SYS driver is used primarily on Microsoft Windows, users of Linux and BSD machines running the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver. Version 2.3.1.10 of the WG311v1ND5.SYS driver is vulnerable to this issue; other versions may also be affected. WG311 is a 54M wireless PCI card. Remote attackers can trigger this vulnerability by sending specially crafted packets, which may result in denial of service or execution of arbitrary commands. The problem exists in the WG311ND5.SYS driver, which is reproduced on Windows systems, but Linux and FreeBSD may also be affected by similar vulnerabilities. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. The vulnerability is caused due to a boundary error in the WG311ND5.SYS device driver when handling long SSIDs. This can be exploited to cause a heap-based buffer overflow via a specially crafted packet. SOLUTION: Turn off the wireless card when not in use. PROVIDED AND/OR DISCOVERED BY: Laurent Butti ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-22-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
Trust: 2.88
AFFECTED PRODUCTS
| vendor: | netgear | model: | wg311v1 | scope: | eq | version: | 2.3.1.10 | Trust: 1.7 |
| vendor: | netgear | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | net gear | model: | wg311v1 | scope: | eq | version: | 2.3.1.10 | Trust: 0.8 |
| vendor: | netgear | model: | wg311nd5.sys driver | scope: | eq | version: | 2.3.110 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer overflow
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | WG311 Software Version 1.3 | url: | http://kb.netgear.com/app/answers/detail/a_id/738 | Trust: 0.8 |
| title: | wifuzzit | url: | https://github.com/0xd012/wifuzzit | Trust: 0.1 |
| title: | wifuzzit | url: | https://github.com/flowerhack/wifuzzit | Trust: 0.1 |
| title: | wifuzzit | url: | https://github.com/84KaliPleXon3/wifuzzit | Trust: 0.1 |
| title: | wifuzzit | url: | https://github.com/PleXone2019/wifuzzit | Trust: 0.1 |
| title: | wifuzzit | url: | https://github.com/wi-fi-analyzer/wifuzzit | Trust: 0.1 |
EXTERNAL IDS
| db: | CERT/CC | id: | VU#403152 | Trust: 3.4 |
| db: | SECUNIA | id: | 23051 | Trust: 2.7 |
| db: | NVD | id: | CVE-2006-6125 | Trust: 2.6 |
| db: | BID | id: | 21251 | Trust: 2.1 |
| db: | SECTRACK | id: | 1017275 | Trust: 1.8 |
| db: | VUPEN | id: | ADV-2006-4674 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2004-000632 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200611-410 | Trust: 0.7 |
| db: | EXPLOIT-DB | id: | 29167 | Trust: 0.2 |
| db: | SEEBUG | id: | SSVID-82697 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-22233 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2006-6125 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 52470 | Trust: 0.1 |
REFERENCES
| url: | http://projects.info-pull.com/mokb/mokb-22-11-2006.html | Trust: 3.0 |
| url: | http://www.kb.cert.org/vuls/id/403152 | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/21251 | Trust: 1.8 |
| url: | http://securitytracker.com/id?1017275 | Trust: 1.8 |
| url: | http://secunia.com/advisories/23051 | Trust: 1.8 |
| url: | http://www.vupen.com/english/advisories/2006/4674 | Trust: 1.2 |
| url: | http://secunia.com/advisories/23051/ | Trust: 0.9 |
| url: | http://standards.ieee.org/getieee802/download/802.11-1999.pdf | Trust: 0.8 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6125 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6125 | Trust: 0.8 |
| url: | http://www.frsirt.com/english/advisories/2006/4674 | Trust: 0.6 |
| url: | http://kbserver.netgear.com/products/wg311v1.asp | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/119.html | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=12145 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://www.exploit-db.com/exploits/29167/ | Trust: 0.1 |
| url: | http://secunia.com/secunia_security_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/product/12717/ | Trust: 0.1 |
| url: | http://corporate.secunia.com/products/48/?r=l | Trust: 0.1 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
| url: | http://corporate.secunia.com/how_to_buy/15/?r=l | Trust: 0.1 |
| url: | http://secunia.com/about_secunia_advisories/ | Trust: 0.1 |
CREDITS
Laurent Butti laurent.butti@orange-ftgroup.com
Trust: 0.6
SOURCES
| db: | CERT/CC | id: | VU#403152 |
| db: | VULHUB | id: | VHN-22233 |
| db: | VULMON | id: | CVE-2006-6125 |
| db: | BID | id: | 21251 |
| db: | JVNDB | id: | JVNDB-2004-000632 |
| db: | PACKETSTORM | id: | 52470 |
| db: | CNNVD | id: | CNNVD-200611-410 |
| db: | NVD | id: | CVE-2006-6125 |
LAST UPDATE DATE
2024-08-14T15:19:59.994000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#403152 | date: | 2006-11-27T00:00:00 |
| db: | VULHUB | id: | VHN-22233 | date: | 2011-10-17T00:00:00 |
| db: | VULMON | id: | CVE-2006-6125 | date: | 2011-10-17T00:00:00 |
| db: | BID | id: | 21251 | date: | 2006-11-24T20:35:00 |
| db: | JVNDB | id: | JVNDB-2004-000632 | date: | 2012-09-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-200611-410 | date: | 2006-11-30T00:00:00 |
| db: | NVD | id: | CVE-2006-6125 | date: | 2011-10-17T04:00:00 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#403152 | date: | 2006-11-27T00:00:00 |
| db: | VULHUB | id: | VHN-22233 | date: | 2006-11-27T00:00:00 |
| db: | VULMON | id: | CVE-2006-6125 | date: | 2006-11-27T00:00:00 |
| db: | BID | id: | 21251 | date: | 2006-11-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2004-000632 | date: | 2012-09-25T00:00:00 |
| db: | PACKETSTORM | id: | 52470 | date: | 2006-11-26T04:47:38 |
| db: | CNNVD | id: | CNNVD-200611-410 | date: | 2006-11-26T00:00:00 |
| db: | NVD | id: | CVE-2006-6125 | date: | 2006-11-27T00:07:00 |