Credit:
The information has been provided by Laurent Butti.
Vulnerable Systems:
* Linksys WAP4400N (firmware 1.2.17) with MARVELL 88W8361P-BEM1 chipset
Immune Systems:
* Linksys WAP4400N (firmware 1.2.19)
The bug can be triggered by a malicious association request sent to the wireless access point. The request carries an information element with an inappropriate length (typically too long); this could be the rates element, the extended rates element, or any other supported information element that is parsed by the flawed parser. The bug can be triggered only after a successful 802.11 authentication (in "Open" or "Shared" mode, depending on the configuration of the wireless access point).
As this is an issue specific to the wireless driver, wireless vendors should use the latest chipset wireless driver in their access point firmware. This security vulnerability was originally reported to Linksys; updated firmware should be available on the Cisco/Linksys web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable.
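The length handling described above, shown as an added example (not code from the advisory or from the Marvell driver, whose source the advisory does not show): a validator that checks every information element of an association request body before anything is copied. The function name, status codes and sample bodies are assumptions made for illustration; the per-element limits are those of the 802.11 standard.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Fixed fields before the elements: capability (2) + listen interval (2). */
#define ASSOC_REQ_FIXED_LEN 4
enum ie_status { IE_OK = 0, IE_TRUNCATED = -1, IE_OVERRUN = -2, IE_TOO_LONG = -3 };

/* Largest body 802.11 allows for an element ID (what a fixed buffer must hold). */
static size_t ie_max_len(uint8_t id)
{
    switch (id) {
    case 0:  return 32;   /* SSID */
    case 1:  return 8;    /* Supported Rates */
    default: return 255;  /* Extended Supported Rates (50), others: length-octet limit */
    }
}

/* Check every element of an association request body (MAC header stripped). */
int validate_assoc_req_ies(const uint8_t *body, size_t body_len)
{
    size_t off = ASSOC_REQ_FIXED_LEN;
    if (body_len < ASSOC_REQ_FIXED_LEN)
        return IE_TRUNCATED;
    while (off < body_len) {
        if (body_len - off < 2)              /* no room for ID and length octets */
            return IE_TRUNCATED;
        uint8_t id = body[off];
        size_t len = body[off + 1];
        off += 2;
        if (len > body_len - off)            /* declared length runs past the frame */
            return IE_OVERRUN;
        if (len > ie_max_len(id))            /* fits the frame, exceeds the element's limit */
            return IE_TOO_LONG;
        off += len;
    }
    return IE_OK;
}

/* Constructed sample bodies (hypothetical, not captured traffic). */
static const uint8_t OK_BODY[] = { 0x01,0x00,0x0a,0x00, 0x01,0x04,0x82,0x84,0x8b,0x96 };
static const uint8_t OVERRUN_BODY[] = { 0x01,0x00,0x0a,0x00, 0x01,0x20,0x82,0x84,0x8b,0x96 };
static const uint8_t TOO_LONG_BODY[] = { 0x01,0x00,0x0a,0x00, 0x01,0x0c, 2,4,11,22,12,18,24,36,48,72,96,108 };

int main(void)
{
    printf("%d %d ", validate_assoc_req_ies(OK_BODY, sizeof OK_BODY), validate_assoc_req_ies(OVERRUN_BODY, sizeof OVERRUN_BODY));
    printf("%d\n", validate_assoc_req_ies(TOO_LONG_BODY, sizeof TOO_LONG_BODY));
    return 0;
}
```

A frame that fails either check should be dropped before any element is handed to later parsing stages.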
CVE Information:
CVE-2007-5475
Disclosure Timeline:
2007-10-22 - Vulnerability reported to Linksys
2007-10-23 - Full details sent to Linksys
2009-09-10 - Cisco/Linksys released a patched firmware (1.2.19)
2009-11-10 - Release of this security advisory