CVE-2006-6332

Published: 10/12/2006 Updated: 29/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi prior to 0.9.2.1 allows remote malicious users to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.

Vulnerable Product

madwifi madwifi 0.9.2.1

Vendor Advisories

Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges ...

Exploits

/* ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ * exploit code by: sgrakkyu <at> antifork.org -- 10/1/2007 * * CVE: 2006-6332 (Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES) * * (for wpa) * * memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2) * * * the function re-uses args in the stack bef ...
# Madwifi remote kernel exploit # 100% reliable, doesn't crash wifi stack, can exploit # same target multiple times # # Julien TINNES <julien at cr0.org> # Laurent BUTTI <0x9090 at gmail.com> # # vuln in giwscan_cb, here's the path: # # ieee80211_ioctl_giwscan -> ieee80211_scan_iterate -> sta_iterate -> giwscan_cb # require 'm ...
## # $Id: madwifi_giwscan_cb.rb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## # Madwifi remote kerne ...