SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Marvell Driver Malformed Association Request Vulnerability


Arrow  SecurityAlert : 4400
Arrow  CVE : CVE-2008-4441
Arrow  CWE : CWE-20
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : Yes
Arrow  Credit : Laurent Butti
Arrow  Published : 15.10.2008

Arrow  Affected Software : Linksys WAP4400N (firmware v1.2.14) with MARVELL 88W8361P-BEM1 chipset



Arrow  Advisory Content :  

Title:
------
* Marvell Driver Malformed Association Request Vulnerability

Summary:
--------
* The wireless drivers in some Wi-Fi access points (such as the
MARVELL-based Linksys WAP4400N) do not correctly parse some malformed
802.11 frames.

Assigned CVE:
-------------
* CVE-2008-4441

Details:
--------
* The bug can be triggered thanks to a malformed association request
which is typically too short (truncated). Any association request sent
in the air by the attacker will be parsed by the access point wireless
driver and thus may trigger some implementation bugs. This bug is only
triggerable when the access point is in WEP mode and if the association
request contains the WEP flag.

Attack Impact:
--------------
* Denial-of-service (reboot or hang-up) and possibly remote arbitrary
code execution

Attack Vector:
--------------
* Unauthenticated wireless device

Timeline:
---------
* 2008-05-26 - Vulnerability reported to Linksys
* 2008-05-26 - Full details sent to Linksys
* 2008-10-13 - Public disclosure

Affected Products:
------------------
* Linksys WAP4400N (firmware v1.2.14) with MARVELL 88W8361P-BEM1 chipset

Vulnerable Devices:
-------------------
* As it is a wireless driver specific issue, the wireless vendor should
use the latest chipset wireless driver for their access point firmwares.
This security vulnerability was reported to Linksys, updated firmwares
(such as the 1.2.17 firmware) should be available on their web site. Any
other wireless device relying on this vulnerable wireless driver is
likely to be vulnerable.

Credits:
--------
* This vulnerability was discovered by Laurent Butti and Julien Tinnes
from France Telecom / Orange



Arrow  References :

http://www.securityfocus.com/bid/31742
http://www.securityfocus.com/archive/1/archive/1/497285/100/0/threaded




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

» PHP 5.3.0 5.2.11
   posix_mkfifo()
   open_basedir bypass
Copyright © SecurityReason.com. All Rights Reserved.