CVE-2006-0226 - OpenCVE

Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:6.0:release::::::
	cpe:2.3:o:freebsd:freebsd:6.0:stable::::::

References

Link	Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc
http://kernelwars.blogspot.com/2007/01/alive.html
http://secunia.com/advisories/18353	Patch Vendor Advisory
http://securitytracker.com/id?1015518
http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson
http://www.osvdb.org/22537
http://www.securityfocus.com/bid/16296	Patch
http://www.signedness.org/advisories/sps-0x1.txt	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24192

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2006-01-19T01:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-01-17T00:00:00

Link: CVE-2006-0226

JSON object: View

NVD Information

Status : Modified

Published: 2006-01-19T01:03:00.000

Modified: 2017-07-20T01:29:33.817

Link: CVE-2006-0226

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "1015518", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015518"}, {"tags": ["x_refsource_MISC"], "url": "http://kernelwars.blogspot.com/2007/01/alive.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"}, {"name": "FreeBSD-SA-06:05", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"}, {"name": "bsd-ieee80211-bo(24192)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"}, {"tags": ["x_refsource_MISC"], "url": "http://www.signedness.org/advisories/sps-0x1.txt"}, {"name": "22537", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22537"}, {"name": "16296", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16296"}, {"name": "18353", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18353"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2006-0226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1015518", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015518"}, {"name": "http://kernelwars.blogspot.com/2007/01/alive.html", "refsource": "MISC", "url": "http://kernelwars.blogspot.com/2007/01/alive.html"}, {"name": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson", "refsource": "MISC", "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"}, {"name": "FreeBSD-SA-06:05", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"}, {"name": "bsd-ieee80211-bo(24192)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"}, {"name": "http://www.signedness.org/advisories/sps-0x1.txt", "refsource": "MISC", "url": "http://www.signedness.org/advisories/sps-0x1.txt"}, {"name": "22537", "refsource": "OSVDB", "url": "http://www.osvdb.org/22537"}, {"name": "16296", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16296"}, {"name": "18353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18353"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2006-0226", "datePublished": "2006-01-19T01:00:00", "dateReserved": "2006-01-17T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*", "matchCriteriaId": "CCE4F2E6-2286-4D87-ADD7-7E999B4E5620", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*", "matchCriteriaId": "C07C3BEF-8D6A-4F23-96DE-AFE4369D08EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."}], "id": "CVE-2006-0226", "lastModified": "2017-07-20T01:29:33.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-01-19T01:03:00.000", "references": [{"source": "secteam@freebsd.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"}, {"source": "secteam@freebsd.org", "url": "http://kernelwars.blogspot.com/2007/01/alive.html"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18353"}, {"source": "secteam@freebsd.org", "url": "http://securitytracker.com/id?1015518"}, {"source": "secteam@freebsd.org", "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"}, {"source": "secteam@freebsd.org", "url": "http://www.osvdb.org/22537"}, {"source": "secteam@freebsd.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16296"}, {"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "http://www.signedness.org/advisories/sps-0x1.txt"}, {"source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}