Vulnerability Name:

CVE-2006-6059 (CCN-30442)

Assigned:2006-11-18
Published:2006-11-18
Updated:2017-07-20
Summary:Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element.
Note: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
9.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
9.0 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-6059

Source: CCN
Type: MOKB-18-11-2006
NetGear MA521 Wireless Driver Long Rates Overflow

Source: MISC
Type: Exploit, Vendor Advisory
http://projects.info-pull.com/mokb/MOKB-18-11-2006.html

Source: CCN
Type: SA23036
NetGear MA521 Wireless Driver Long Rates Memory Corruption

Source: SECUNIA
Type: Vendor Advisory
23036

Source: CCN
Type: SECTRACK ID: 1017254
Netgear MA521 Wireless Adapter Invalid `Supported Rates` Value Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Exploit
1017254

Source: CCN
Type: US-CERT VU#395496
NetGear wireless driver fails to properly process certain 802.11 management frames

Source: CERT-VN
Type: US Government Resource
VU#395496

Source: CCN
Type: NETGEAR Web site
NETGEAR - 108 Mbps Wireless Firewall Router

Source: CCN
Type: OSVDB ID: 30507
NETGEAR MA521 Wireless Driver (MA521nd5.SYS) Supported Rates Element Overflow

Source: BID
Type: UNKNOWN
21175

Source: CCN
Type: BID-21175
NetGear MA521 Wireless Driver Long Beacon Probe Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-4604

Source: XF
Type: UNKNOWN
netgear-ma521-bo(30442)

Source: XF
Type: UNKNOWN
netgear-ma521-code-execution(30442)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:netgear:ma521_driver:*:*:*:*:*:*:*:* (Version <= 5.148.724.2003)

    • Configuration CCN 1:
  • cpe:/a:netgear:ma521_driver:5.148.724.2003:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netgear ma521 driver *
    netgear ma521 driver 5.148.724.2003