Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:395496
HistoryNov 20, 2006 - 12:00 a.m.

NetGear wireless driver fails to properly process certain 802.11 management frames

2006-11-2000:00:00
www.kb.cert.org
5

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.186 Low

EPSS

Percentile

96.3%

JSON

Overview

A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.

Description

The MA521nd5.SYS driver is a wireless (802.11b) device driver produced by Netgear.

A buffer overflow vulnerability has been reported in the MA521nd5.SYS driver. An attacker within radio range may be able to trigger the overflow by sending a specially-crafted 802.11 management frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability.

Note that Linux or Unix systems that use NDISWrapper or similar technologies to load the MA521nd5.SYS driver may also be vulnerable.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code, or cause a denial-of-service condition on a vulnerable system.

Solution

We are currently unaware of a practical solution to this problem.

Disable wireless adapters

Disabling wireless adapters may reduce the chances of this vulnerability being exploited.

Vendor Information

395496

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Netgear, Inc. Unknown

Updated: November 20, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This issue was reported by Laurent Butti, H D Moore and LMH on the Month of Kernel Bugs website.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2006-6059
Severity Metric: 3.99 Date Public:

Related

nvd 1
cve 1
cvelist 1
nvd
nvd
CVE-2006-6059
2006-11-22 01:07:00
cve
cve
CVE-2006-6059
2006-11-22 01:07:00
cvelist
cvelist
CVE-2006-6059
2006-11-22 01:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.186 Low

EPSS

Percentile

96.3%

JSON
Related for VU:395496
nvd1cve1cvelist1