{"vuid":"VU#395496","idnumber":"395496","name":"NetGear wireless driver fails to properly process certain 802.11 management frames","keywords":["NetGear","MA521","memory corruption","arbitrary code execution","wireless driver","MA521nd5.SYS","supported rates","information element","802.11","beacon","probe response"],"overview":"A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.","clean_desc":"The MA521nd5.SYS driver is a wireless (802.11b) device driver produced by Netgear. A buffer overflow vulnerability has been reported in the MA521nd5.SYS driver. An attacker within radio range may be able to trigger the overflow by sending a specially-crafted 802.11 management frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability. 
Note that Linux or Unix systems that use NDISWrapper or similar technologies to load the MA521nd5.SYS driver may also be vulnerable.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition on a vulnerable system.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Disable wireless adapters: Disabling wireless adapters may reduce the chances of this vulnerability being exploited.","sysaffected":"","thanks":"This issue was reported by Laurent Butti, H D Moore and LMH on the Month of Kernel Bugs website.","author":"This document was written by Ryan Giobbi.","public":["http://projects.info-pull.com/mokb/MOKB-18-11-2006.html","http://secunia.com/advisories/23036/"],"cveids":["CVE-2006-6059"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-19T16:27:25Z","publicdate":"2006-11-18T00:00:00Z","datefirstpublished":"2006-11-20T14:08:21Z","dateupdated":"2006-11-20T14:17:28Z","revision":28,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"4","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"3","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"3.98671875","cam_scorecurrentwidelyknown":"4.36640625","cam_scorecurrentwidelyknownexploited":"8.16328125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.98671875,"vulnote":null}