This Metasploit module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a packet correctly when an incorrect length is given.
cec94847adc64618aa31611cb0487ee9eec527cbaa3d2516f2ba91a164efcded
This Metasploit module injects a malicious UDP packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector, which fails to handle an incomplete packet.
f45824d8ae8f2f2ded6c62979f4a3f1eca4605da3e5dba3170672adc46202f24
Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.
e3de518339a43d0a5f512990af923fedfb53c8e45b810e538dc48e45374c8f12
The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Netgear WNDAP330) do not correctly parse malformed reserved management frames.
f6fc1bda3a0c5dffe082b5ca1d4a671c6e65ff573fec7141a069a46e37ab49da
The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse information elements included in association requests.
f726b07e5df156d18db6d87b24879cea10a4c642f89c60083faaa78b0fa2ed0f
This Metasploit module exploits a stack-based buffer overflow in the Madwifi driver.
0754c28ffae1c6acf4d1bb93d5f0ef0b22f7d54c1e399116520b529c45ac5417
The Cisco Unified IP Phone 7960G and 7940G (SIP) do not correctly parse some malformed RTP headers leading to a deterministic denial of service.
00372e28c3e7b41b85a1d67580955f2b158b3cbd709e06747aa677141b355c44
The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse some malformed 802.11 frames, allowing for denial of service and possible code execution.
1a181ff342a3f2e4a532d4f63245f3886efc056a407e5ba031eaab9f54c9e7ff
The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor specific information element included in association requests allowing for denial of service or possible code execution.
65bd74141ad942f7b06d4dba223152dea500c38738174396183436ef7ee12619
The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution.
ccb13de54f066e877156a14ba07fa1ac4f865e9ef7de15ecd8de515a0d4f33f9
The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets.
38d2065be0b8a4aeb8224079f08d4c79ba5ac17ce0b4e9162721a30007efe569
Cisco Secure ACS does not correctly parse the length of EAP-Response packets, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP-Response packet to a Cisco Secure ACS server in such a way as to cause the CSRadius service to crash (reliably). This bug may be triggered if the length field of an EAP-Response packet carries a large value, greater than the real packet length.
319147cb46911ef704c63fc39bf9d0a5a41748f5c8eed7579cf3a521ef71ba93
There is a buffer overflow in the Madwifi Atheros driver in some functions called by the SIOCSIWSCAN ioctl.
ae78388667ab3deb4319d8f83bc674032a7c7b8df47d26ab5490c18a34bceb0c
wifi-advanced-stealth-patches is a set of basic patches for the madwifi-ng driver intended to achieve good stealth at low cost! It can be useful in protecting your own network from wardrivers and attacks (denial-of-service, WEP cracking...), as your modified access point and client are the only ones that understand each other! Some embedded access points like the Netgear WG634U have an Atheros chipset (OpenWRT + madwifi) and thus may be modified to support stealth at low cost. These patches are only a proof-of-concept and may be improved in many ways, as the possibilities are nearly endless... These patches were released at BlackHat US 2006.
eb1c82d15aa2a2817a8f3510a77fa9d8aef7363d7ebb0cc1b2a5206f49b973fd
pyrawcovert is an enhancement of the Raw Covert tool that was released at ShmooCon 2006. It is a covert channel over the 802.11 protocol. It uses valid control frames (ACK) to carry the communication protocol. These frames are usually considered non-malicious and thus are not analyzed by most wireless IDS. This tool enables full-duplex communication between two pyrawcovert instances and thus makes it possible to perform interactive sessions (ssh...) or file transfers (scp...) through this covert channel. This version was released at BlackHat US 2006.
5a623757ddedb3d7b32645a8c8d4e3cf4628b3ccffb931316cc7e12bfe244b6f
Raw Covert is a program that initiates a covert channel over IEEE 802.11 networks using wireless raw injection. It encodes the covert channel in the RA (receiver address) field of valid ACK frames. This program is basic proof-of-concept code.
c5841ce4e81f8eb059f35f0253eb832ea09516d507b38ba7301dd6b8f12bd765
Raw Glue AP is a program that catches wireless stations searching for preferred SSIDs. This tool catches probe requests, sends back appropriate probe responses and then tries to catch authentication and association requests. It is a kind of Glue AP whose purpose is to catch clients that are actively scanning for any SSID. All of this is done in monitor mode and uses raw injection, which seems to be required if this method is to be implemented in a wireless IDS (which usually performs detection in monitor mode). This program is basic proof-of-concept code.
13cce714959056d41627ec9442342d46072f9d72ef57554b9d03ebfb353ed2d1
Raw Fake AP is a program that emulates IEEE 802.11 access points using wireless raw injection. It creates and injects both beacon and probe response frames in order to emulate valid IEEE 802.11 access points. This program is basic proof-of-concept code.
4e5f63d8488b0fbd1a709429feb797c8c679de48f47ef93ab4741f8506830667
Raw Fake AP is a program that emulates IEEE 802.11 access points using wireless raw injection. It creates and injects both beacon and probe response frames in order to emulate valid IEEE 802.11 access points. This program is basic proof-of-concept code.
9e4755e10859803427684f739877b9269934518fdc21233cc9616a6e38bfee03