{"vuid":"VU#445753","idnumber":"445753","name":"NetGear wireless driver fails to properly process certain 802.11 management frames","keywords":["NetGear WG111v2 wireless driver","buffer overflow","stack-based","USB","802.11","beacon request","1100 bytes","WG111v2.SYS"],"overview":"A buffer overflow vulnerability has been reported in the Netgear WG111v2.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.","clean_desc":"The WG111v2.SYS driver is a wireless (802.11) device driver produced by Netgear. A stack buffer overflow vulnerability has been reported in the WG111v2.SYS  driver. An attacker may be able to trigger the overflow by sending a malformed beacon request frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability. Note that Linux or Unix systems that use NDISWrapper or similar technologies to load the WG111v2.SYS driver may also be vulnerable.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code, or cause a denial-of-service condition on a vulnerable system.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Disable wireless adapters Disabling wireless adapters may reduce the chances of this vulnerability being exploited.","sysaffected":"","thanks":"This issue was publicly reported by H.D. Moore on \nThe Month of Kernel Bugs Website","author":"This document was written by Ryan Giobbi.","public":["http://projects.info-pull.com/mokb/MOKB-16-11-2006.html","http://secunia.com/advisories/22962/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-16T16:17:54Z","publicdate":"2006-11-16T00:00:00Z","datefirstpublished":"2006-11-17T15:45:38Z","dateupdated":"2006-11-17T15:45:51Z","revision":23,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"4","cam_impact":"10","cam_easeofexploitation":"13","cam_attackeraccessrequired":"17","cam_scorecurrent":"3.48075","cam_scorecurrentwidelyknown":"3.81225","cam_scorecurrentwidelyknownexploited":"7.12725","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.48075,"vulnote":null}