November 2006
CIAC INFORMATION BULLETIN: MOKB-16-11-2006 - NetGear WG111v2 Wireless Driver Long Beacon Overflow
ID: 00805
Ref: 764/2006
Date: 20 November 2006:15:17:53
Version: 1
Title: CIAC INFORMATION BULLETIN: MOKB-16-11-2006 - NetGear WG111v2 Wireless Driver Long Beacon Overflow
Abstract: The NetGear WG111v2 wireless adapter (USB) ships with a version of WG111v2.SYS that is vulnerable to a stack-based buffer overflow.
Vendors affected: CIAC
Operating systems affected: CIAC
Applications affected: CIAC
Title
=====
CIAC INFORMATION BULLETIN: MOKB-16-11-2006 - NetGear WG111v2 Wireless Driver
Long Beacon Overflow
Detail
======
The NetGear WG111v2 wireless adapter (USB) ships with a version of WG111v2.SYS
that is vulnerable to a stack-based buffer overflow.
- -----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
NetGear WG111v2 Wireless Driver Long Beacon Overflow
[MOKB-16-11-2006]
November 17, 2006 18:00 GMT Number R-052
______________________________________________________________________________
PROBLEM: The NetGear WG111v2 wireless adapter (USB) ships with a version
of WG111v2.SYS that is vulnerable to a stack-based buffer
overflow.
PLATFORM: WG111v2 Driver Downloaded
DAMAGE: This overflow can lead to arbitrary kernel-mode code execution.
SOLUTION: There is currently no practical solution to this problem, so
you can disable at risk adapters.
______________________________________________________________________________
VULNERABILITY The risk is HIGH. The attacker must be in range of the wireless
ASSESSMENT: device.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-052.shtml
ORIGINAL BULLETIN: http://projects.info-pull.com/mokb/MOKB-16-11-2006.html
ADDITIONAL LINKS: US-CERT Vulnerability Note #445753
http://www.kb.cert.org/vuls/id/445753
Secunia Advisory SA22962
http://secunia.com/advisories/22962/
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
iQCVAwUBRV36w7nzJzdsy3QZAQHC2wQArmL5r4cFn9gIfrRyK+VyBhRDSig/2z7A
bxV6RDj/cyp1rJgRGnJmtD8KXapQv0A64tFLaijHfH7weMOMw8u5po/ef6YFGTvM
zTqGMbXcLXDx8Lm1EZJM83BLzrlVjrtS6nPhmgdS1INt7u+tRKX0d8pS8Xsk7BgF
ulLud44sxvU=
=ZhVy
- -----END PGP SIGNATURE-----