|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 75 CVE : CVE-2005-3180 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : No Credit : Meder Kydyraliev Published : 12.10.2005
Advisory Text : Linux Orinoco Driver Information Leakage Vulnerability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I. Background ~~~~~~~~~~~~~ http://sourceforge.net/projects/orinoco The Linux orinoco driver, included in the kernel since 2.4.3 and in David Hinds' pcmcia-cs package since 3.1.30 supports a large number of wireless NICs based on the Lucent/Agere Hermes, Symbol Spectrum24 and Intersil/Conexant Prism 2/2.5/3 chipsets. II. Description ~~~~~~~~~~~~~~~ Due to padding of Ethernet frames with uninitialized data, it is possible to remotely obtain parts of memory which may contain sensitive information [1]. Following sample dumps illustrate the problem: 13:21:58.901746 arp reply 192.168.0.179 is-at 00:09:5b:3e:ca:d4 0x0000: 0001 0800 0604 0002 0009 5b3e cad4 c0a8 ..........[>.... 0x0010: 00b3 0012 f0bb 22ae c0a8 001f 6f73 743a ......".....ost: 0x0020: 7e20 2d20 5368 656c 6c20 4e6f 2e20 7353 ~.-.Shell.No..sS 0x0030: 8071 .q 13:21:17.811889 arp reply 192.168.0.179 is-at 00:09:5b:3e:ca:d4 0x0000: 0001 0800 0604 0002 0009 5b3e cad4 c0a8 ..........[>.... 0x0010: 00b3 0012 f0bb 22ae c0a8 001f 2054 7261 ......"......Tra 0x0020: 636b 3035 2e6d 7033 2028 343a 3139 1b62 ck05.mp3.(4:19.b 0x0030: 6dd1 m. Attacker can use arping(8) to send ARP requests to the target running vulnerable orinoco drivers and observe contents of uninitialized memory in the ARP replies. III. Vendor status ~~~~~~~~~~~~~~~~~~ Developers of linux orinoco drivers where notified and the fix, which has been incorporated into 2.6.13.4 kernel, was issued. Patch can be viewed here: http://www.kernel.org/hg/linux-2.6/?cmd=filediff;node=feecb2ffde28639e60 ede769c6f817dc536c677b;file=drivers/net/wireless/orinoco.c IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~ 4/10/2005 - Issue discovered. Vendor notified. 4/10/2005 - Vendor response received along with the patch to remedy the problem. 10/10/2005 - Confirmed that patch was incorporated into 2.6.13.4 kernel. V. Acknowledgements ~~~~~~~~~~~~~~~~~~~ Thanks to Pavel Roskin for quick response and fix. VI. References ~~~~~~~~~~~~~~ 1. http://www.atstake.com/research/advisories/2003/atstake_etherleak_report -- http://o0o.nu/~meder  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |