Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1385

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-1385
Last Modified 07 Mar 2011 09:32:57
Published 24 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1385

Summary

Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a 802.11 management frame.

Vulnerable Systems

Application

  • Kismac 0.10a

  • Kismac 0.11a

  • Kismac 0.12a

  • Kismac 0.1a

  • Kismac 0.1b

  • Kismac 0.1c

  • Kismac 0.2a

  • Kismac 0.5d

  • Kismac 0.5d4


References

XF - kismac-80211-parsing-bo(25422)

VUPEN - ADV-2006-1070

BID - 17198

BUGTRAQ - 20060323 Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow

MISC - http://www.hardened-php.net/advisory_032006.115.html

SECUNIA - 19354

CONFIRM - http://kismac.de/_trac/changeset/113

OSVDB - 24072

SREASON - 609

XF - kismac-80211-gain-access(25422)


Last Updated: 27 May 2016 10:38:12