NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
BID:21251
Info
NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 21251 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 22 2006 12:00AM |
| Updated: | Nov 24 2006 08:35PM |
| Credit: | Laurent Butti is credited with the discovery of this vulnerability. |
| Vulnerable: |
NetGear WG311ND5.SYS Driver 2.3.1 10 |
| Not Vulnerable: | |
Discussion
NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.
Although the WG311v1ND5.SYS driver is used primarily on Microsoft Windows, users of Linux and BSD machines running the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.
Version 2.3.1.10 of the WG311v1ND5.SYS driver is vulnerable to this issue; other versions may also be affected.
NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.
Although the WG311v1ND5.SYS driver is used primarily on Microsoft Windows, users of Linux and BSD machines running the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.
Version 2.3.1.10 of the WG311v1ND5.SYS driver is vulnerable to this issue; other versions may also be affected.
Exploit / POC
NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
The following Metasploit exploit is available:
The following Metasploit exploit is available:
Solution / Fix
NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
References:
References:
- MOKB-22-11-2006 (Laurent Butti )
- NetGear WG311v1 Home Page (NetGear)