7.5
CVSSv2

CVE-2006-6332

Published: 10/12/2006 Updated: 29/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi prior to 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.

Affected Products

Vendor    Product    Versions
Madwifi   Madwifi    0.9.2.1

Vendor Advisories

Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges ...

Exploits

# Madwifi remote kernel exploit # 100% reliable, doesn't crash wifi stack, can exploit # same target multiple times # # Julien TINNES <julien at cr0.org> # Laurent BUTTI <0x9090 at gmail.com> # # vuln in giwscan_cb, here's the path: # # ieee80211_ioctl_giwscan -> ieee80211_scan_iterate -> sta_iterate -> giwscan_cb # require 'm ...
## # $Id: madwifi_giwscan_cb.rb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## # Madwifi remote kerne ...
/* ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ * exploit code by: sgrakkyu <at> antifork.org -- 10/1/2007 * * CVE: 2006-6332 (Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES) * * (for wpa) * * memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2) * * * the function re-uses args in the stack bef ...

Github Repositories

wifuzzit (an 802.11 wireless fuzzer). Written and maintained by Laurent Butti. Released under the terms and conditions of the GNU GPLv3 license. What is wifuzzit? Wifuzzit is a wireless fuzzer focused on 802.11 technology. It aims at discovering 802.11 implementation bugs on both access points and stations. It relies on the infamous Sulley Fuzzing Framework and thus is a model-based