ID

VAR-200611-0485


CVE

CVE-2006-6059


TITLE

NetGear wireless driver fails to properly process certain 802.11 management frames

Trust: 0.8

sources: CERT/CC: VU#395496

DESCRIPTION

Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.

A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.

NetGear MA521 is an 802.11b wireless PC network card. If a malformed frame (beacon or probe response) is received in the active scan mode, the MA521nd5.SYS driver of the MA521 will attempt to write to a memory location controlled by the attacker. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. Note that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections. Version 5.148.724.2003 of the MA521nd5.SYS driver is vulnerable to this issue; other versions may also be affected.

----------------------------------------------------------------------

TITLE: NetGear MA521 Wireless Driver Long Rates Memory Corruption
SECUNIA ADVISORY ID: SA23036
VERIFY ADVISORY: http://secunia.com/advisories/23036/
CRITICAL: Moderately critical
IMPACT: System access
WHERE: From remote
SOFTWARE: NetGear MA521 802.11b Wireless PC Card 5.x http://secunia.com/product/12673/
DESCRIPTION: Laurent Butti has reported a vulnerability in NetGear MA521 Wireless driver, which can be exploited by malicious people to compromise a vulnerable system. This can be exploited to cause a memory corruption via a specially crafted packet when the driver is running in active scanning mode. The vulnerability is reported in version 5.148.724.2003.
SOLUTION: Turn off the wireless card when not in use.
PROVIDED AND/OR DISCOVERED BY: Laurent Butti
ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-18-11-2006.html

Trust: 3.42

sources: NVD: CVE-2006-6059 // CERT/CC: VU#395496 // JVNDB: JVNDB-2006-002443 // CNVD: CNVD-2006-8551 // BID: 21175 // VULHUB: VHN-22167 // VULMON: CVE-2006-6059 // PACKETSTORM: 52316

AFFECTED PRODUCTS

vendor: netgear, model: ma521 driver, scope: lte, version: 5.148.724.2003

Trust: 1.0

vendor: net gear, model: ma521 driver, scope: eq, version: 5.148.724.2003

Trust: 0.8

vendor: netgear, model: ma521 driver, scope: eq, version: 5.148.724.2003

Trust: 0.7

vendor: none, model: -, scope: -, version: -

Trust: 0.6

vendor: netgear, model: ma521nd5.sys driver, scope: eq, version: 5.148.7242003

Trust: 0.3

vendor: netgear, model: ma521 wireless adapter, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2006-8551 // VULMON: CVE-2006-6059 // BID: 21175 // JVNDB: JVNDB-2006-002443 // CNNVD: CNNVD-200611-325 // NVD: CVE-2006-6059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6059
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#395496
value: 3.99

Trust: 0.8

NVD: CVE-2006-6059
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200611-325
value: CRITICAL

Trust: 0.6

VULHUB: VHN-22167
value: HIGH

Trust: 0.1

VULMON: CVE-2006-6059
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-6059
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-22167
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#395496 // VULHUB: VHN-22167 // VULMON: CVE-2006-6059 // JVNDB: JVNDB-2006-002443 // CNNVD: CNNVD-200611-325 // NVD: CVE-2006-6059

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6059

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-325

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200611-325

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002443

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22167 // VULMON: CVE-2006-6059

PATCH

title: Top Page, url: http://www.netgear.com/

Trust: 0.8

title: wifuzzit, url: https://github.com/0xd012/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/flowerhack/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/84KaliPleXon3/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/PleXone2019/wifuzzit

Trust: 0.1

title: wifuzzit, url: https://github.com/wi-fi-analyzer/wifuzzit

Trust: 0.1

sources: VULMON: CVE-2006-6059 // JVNDB: JVNDB-2006-002443

EXTERNAL IDS

db: CERT/CC, id: VU#395496

Trust: 3.7

db: NVD, id: CVE-2006-6059

Trust: 3.5

db: SECUNIA, id: 23036

Trust: 2.7

db: BID, id: 21175

Trust: 2.1

db: SECTRACK, id: 1017254

Trust: 1.8

db: VUPEN, id: ADV-2006-4604

Trust: 1.8

db: JVNDB, id: JVNDB-2006-002443

Trust: 0.8

db: CNVD, id: CNVD-2006-8551

Trust: 0.6

db: XF, id: 30442

Trust: 0.6

db: XF, id: 521

Trust: 0.6

db: CNNVD, id: CNNVD-200611-325

Trust: 0.6

db: EXPLOIT-DB, id: 29096

Trust: 0.2

db: SEEBUG, id: SSVID-82632

Trust: 0.1

db: VULHUB, id: VHN-22167

Trust: 0.1

db: VULMON, id: CVE-2006-6059

Trust: 0.1

db: PACKETSTORM, id: 52316

Trust: 0.1

sources: CERT/CC: VU#395496 // CNVD: CNVD-2006-8551 // VULHUB: VHN-22167 // VULMON: CVE-2006-6059 // BID: 21175 // JVNDB: JVNDB-2006-002443 // PACKETSTORM: 52316 // CNNVD: CNNVD-200611-325 // NVD: CVE-2006-6059

REFERENCES

url:http://www.kb.cert.org/vuls/id/395496

Trust: 2.9

url:http://projects.info-pull.com/mokb/mokb-18-11-2006.html

Trust: 2.7

url:http://www.securityfocus.com/bid/21175

Trust: 1.9

url:http://securitytracker.com/id?1017254

Trust: 1.8

url:http://secunia.com/advisories/23036

Trust: 1.8

url:http://www.vupen.com/english/advisories/2006/4604

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30442

Trust: 1.2

url:http://secunia.com/advisories/23036/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6059

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6059

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/4604

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/30442

Trust: 0.6

url:http://www.netgear.com/products/adapters/bwirelessadapters/ma521.aspx

Trust: 0.3

url:http://kernelfun.blogspot.com/2006/11/mokb-18-11-2006-netgear-ma521-wireless.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/29096/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/12673/

Trust: 0.1

sources: CERT/CC: VU#395496 // VULHUB: VHN-22167 // VULMON: CVE-2006-6059 // BID: 21175 // JVNDB: JVNDB-2006-002443 // PACKETSTORM: 52316 // CNNVD: CNNVD-200611-325 // NVD: CVE-2006-6059

CREDITS

Laurent Butti laurent.butti@orange-ftgroup.com, H D Moore hdm@metasploit.com

Trust: 0.6

sources: CNNVD: CNNVD-200611-325

SOURCES

db: CERT/CC, id: VU#395496
db: CNVD, id: CNVD-2006-8551
db: VULHUB, id: VHN-22167
db: VULMON, id: CVE-2006-6059
db: BID, id: 21175
db: JVNDB, id: JVNDB-2006-002443
db: PACKETSTORM, id: 52316
db: CNNVD, id: CNNVD-200611-325
db: NVD, id: CVE-2006-6059

LAST UPDATE DATE

2024-08-14T14:59:06.236000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#395496, date: 2006-11-20T00:00:00
db: CNVD, id: CNVD-2006-8551, date: 2006-11-18T00:00:00
db: VULHUB, id: VHN-22167, date: 2017-07-20T00:00:00
db: VULMON, id: CVE-2006-6059, date: 2017-07-20T00:00:00
db: BID, id: 21175, date: 2016-07-06T13:33:00
db: JVNDB, id: JVNDB-2006-002443, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200611-325, date: 2006-12-12T00:00:00
db: NVD, id: CVE-2006-6059, date: 2017-07-20T01:34:10.383

SOURCES RELEASE DATE

db: CERT/CC, id: VU#395496, date: 2006-11-20T00:00:00
db: CNVD, id: CNVD-2006-8551, date: 2006-11-18T00:00:00
db: VULHUB, id: VHN-22167, date: 2006-11-22T00:00:00
db: VULMON, id: CVE-2006-6059, date: 2006-11-22T00:00:00
db: BID, id: 21175, date: 2006-11-18T00:00:00
db: JVNDB, id: JVNDB-2006-002443, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 52316, date: 2006-11-20T16:05:00
db: CNNVD, id: CNNVD-200611-325, date: 2006-11-21T00:00:00
db: NVD, id: CVE-2006-6059, date: 2006-11-22T01:07:00