Marvell 88W8361P-BEM1芯片组NETGEAR WN802T远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1185448 漏洞类型 输入验证
发布时间 2008-09-04 更新时间 2008-09-04
CVE编号 CVE-2008-1197 CNNVD-ID CNNVD-200809-085
漏洞平台 N/A CVSS评分 6.3
|漏洞来源
https://www.securityfocus.com/bid/30976
https://cxsecurity.com/issue/WLB-2008090011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-085
|漏洞详情
NETGEARWN802T是一款小型的无线接入设备。基于Marvell88W8361P-BEM1芯片组的NETGEARWN802T设备没有正确的解析用户请求中所包含的SSID信息单元,通过802.11认证的攻击者可以在关联请求中包含空的SSID导致设备重启或挂起。
|漏洞EXP
Title:
------
* Marvell Driver Null SSID Association Request Vulnerability

Summary:
------
* The wireless drivers in some Wi-Fi access points (such as the
MARVELL-based Netgear WN802T) do not correctly parse SSID information
element included in association requests. Most information elements are
used by the wireless access point and clients to advertise their
capabilities (regarding rates, network name, cryptographic
capabilities...). More precisely, the SSID is used by the access point
to validate that the wireless client intends to connect to the
appropriate SSID.

Assigned CVE:
-------------
* CVE-2008-1197

Details:
--------
* The bug can be triggered by a malicious association request to the
wireless access point with a Null SSID. This can be achieved only after
a successful 802.11 authentication (in "Open" or "Shared" mode according
to the configuration of the wireless access point).

Attack Impact:
--------------
* Denial-of-service (reboot or hang-up) and possibly remote arbitrary
code execution

Attack Vector:
--------------
* Unauthenticated wireless device

Timeline:
---------
* 2008-02-19 - Vulnerability reported Netgear
* 2008-03-06 - PoC sent to Netgear
* 2008-09-04 - Public disclosure

Affected Products:
------------------
* Netgear WN802T (firmware 1.3.16) with MARVELL 88W8361P-BEM1 chipset

Vulnerable Devices:
-------------------
* As it is a wireless driver specific issue, the wireless vendor should
use the latest chipset wireless driver for their access point firmwares.
This security vulnerability was reported to Netgear, updated firmwares
should be available on their web site. Any other wireless device relying
on this vulnerable wireless driver is likely to be vulnerable.

Credits:
--------
* This vulnerability was discovered by Laurent Butti and Julien Tinnes
from France Telecom / Orange
|受影响的产品
NetGear WN802T firmware 1.3.16 Marvell Semiconductor 88W8361P-BEM1 chipset 0
|参考资料

来源:XF
名称:netgear-wn802t-ssid-dos(44918)
链接:http://xforce.iss.net/xforce/xfdb/44918
来源:BID
名称:30976
链接:http://www.securityfocus.com/bid/30976
来源:BUGTRAQ
名称:20080904MarvellDriverNullSSIDAssociationRequestVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/495983/100/0/threaded
来源:SREASON
名称:4215
链接:http://securityreason.com/securityalert/4215
来源:SECUNIA
名称:31770
链接:http://secunia.com/advisories/31770