NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
BID:21126
Info
NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
| Bugtraq ID: | 21126 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 16 2006 12:00AM |
| Updated: | Jan 15 2007 11:30PM |
| Credit: | H D Moore <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
NetGear WG111v2.SYS driver 5.1213.6.316 NetGear WG111v2 wireless adapter (USB) 0 |
| Not Vulnerable: | |
Discussion
NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
NetGear WG111v2 Wireless devices are prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.
The WG111v2.SYS driver is primarily used on Windows, but administrators should check Linux and BSD machines using the 'ndiswrapper' tool to determine if they are using a vulnerable instance of the driver.
Note also that an attacker can exploit tthis vulnerability only from within the range of broadcast of 802.11 wireless connections.
Version 5.1213.6.316 of the WG111v2.SYS driver is vulnerable to this issue; other versions may also be affected.
NetGear WG111v2 Wireless devices are prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.
The WG111v2.SYS driver is primarily used on Windows, but administrators should check Linux and BSD machines using the 'ndiswrapper' tool to determine if they are using a vulnerable instance of the driver.
Note also that an attacker can exploit tthis vulnerability only from within the range of broadcast of 802.11 wireless connections.
Version 5.1213.6.316 of the WG111v2.SYS driver is vulnerable to this issue; other versions may also be affected.
Exploit / POC
NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
The following Metasploit exploit is available:
The following Metasploit exploit is available:
Solution / Fix
NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
References:
References:
- Exploiting 802.11 Wireless Driver Vulnerabilities on Windows (Uninformed)
- NetGear WG111v2 Home Page (NetGear)
- Vulnerability Note VU#445753 (US-CERT)