Intel PROset/Wireless Local Information Disclosure Vulnerability
BID:17914
CVE-2006-2316 |Info
Intel PROset/Wireless Local Information Disclosure Vulnerability
| Bugtraq ID: | 17914 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 09 2006 12:00AM |
| Updated: | May 10 2006 05:49PM |
| Credit: | Rubén Santamarta discovered this vulnerability. |
| Vulnerable: |
Intel PROSet/Wireless 10.1 .33 |
| Not Vulnerable: | |
Discussion
Intel PROset/Wireless Local Information Disclosure Vulnerability
Intel PROset/Wireless software is susceptible to a local information-disclosure vulnerability. This issue is due to insecure permissions being applied to shared-memory segments.
This issue allows local, unprivileged attackers to gain access to potentially sensitive network configuration and authentication information. Information gathered by exploiting this issue will aid them in further attacks.
Version 10.1.0.33 of the Intel PROset/Wireless software is vulnerable to this issue; other versions may also be affected.
Intel PROset/Wireless software is susceptible to a local information-disclosure vulnerability. This issue is due to insecure permissions being applied to shared-memory segments.
This issue allows local, unprivileged attackers to gain access to potentially sensitive network configuration and authentication information. Information gathered by exploiting this issue will aid them in further attacks.
Version 10.1.0.33 of the Intel PROset/Wireless software is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Intel PROset/Wireless Local Information Disclosure Vulnerability
To exploit this issue, attackers can use readily available utilities.
The following exploit code tries to retrieve authentication keys from the affected shared-memory segment:
To exploit this issue, attackers can use readily available utilities.
The following exploit code tries to retrieve authentication keys from the affected shared-memory segment:
Solution / Fix
Intel PROset/Wireless Local Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Intel PROset/Wireless Local Information Disclosure Vulnerability
References:
References:
- Intel PROset/Wireless Software Product Page (Intel)
- Where is my WEP? (Rubén Santamarta)