|
Intel PROset/Wireless Software Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA20001
|
|
|
Release Date:
|
2006-05-09
|
|
Last Update:
|
2007-04-09
|
|
Popularity:
|
15,216 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Exposure of sensitive information
Privilege escalation
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Intel PROSet Software 7.x
Intel PROSet/Wireless Software 10.x
Intel PROSet/Wireless Software 8.x
Intel PROSet/Wireless Software 9.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-2316
CVE-2006-4022
CVE-2006-3992
|
|
Description:
Multiple vulnerabilities have been reported in Intel PROset/Wireless Software, which can be exploited by malicious, local users to disclose sensitive information and gain escalated privileges or by malicious people to compromise a vulnerable system.
1) Insecure default permissions on the "\BaseNamedObjects\S24EventManagerSharedMemory" shared section used by the Wireless Management Service (S24EvMon.exe) makes it possible for an unprivileged user to obtain information of the wireless configuration e.g. WEP keys.
The security issue has been confirmed in version 10.1.0.33 and has also been reported in versions prior to 7.1.4.6 and 10.5 for the 7.x, 8.x, 9.x, and 10.x branches.
2) A memory corruption error exists in the Windows drivers for Intel 2100 PRO/Wireless Network Connection Hardware when handling certain application requests. This can be exploited to gain kernel-level privileges by injecting specially crafted frames into the driver via a malicious application.
The vulnerability has been reported in all 7.x versions prior to 7.1.4.6 with drvr 1.2.4.37.
3) Unspecified memory corruption errors exist in the Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection Hardware (w22n50.sys, w22n51.sys, w29n50.sys, and w29n51.sys) when processing frames. This can be exploited by sending a specially crafted frame to a vulnerable system.
Successful exploitation may allow execution of arbitrary code with kernel-level privileges.
These vulnerabilities have been reported in all 8.x, 9.x, and 10.x versions prior to 10.5 with drvr 9.0.4.16.
Solution:
Update to version 7.1.4.6 or 10.5.0.0.
http://support.intel.com/support/wireless/wlan/sb/cs-005905.htm
Provided and/or discovered by:
1) Rubén Santamarta
2+3) Reported by the vendor.
Changelog:
2006-05-15: Added CVE reference.
2006-08-01: Updated "Description" and "Solution" sections, added additional software as affected, and added link to vendor advisory.
2006-08-03: Added information about two additional vulnerabilities.
2006-08-08: Added link to US-CERT.
2006-08-09: Added CVE references.
2006-08-21: Added link to US-CERT.
2007-04-09: Updated links to original advisory.
Original Advisory:
Rubén Santamarta:
http://www.reversemode.com/index.php?...&task=view&id=10&Itemid=1
Intel:
http://security-center.intel.com/advi...d=INTEL-SA-00001&languageid=en-fr
http://security-center.intel.com/advi...d=INTEL-SA-00004&languageid=en-fr
http://security-center.intel.com/advi...d=INTEL-SA-00005&languageid=en-fr
Other References:
US-CERT VU#230208:
http://www.kb.cert.org/vuls/id/230208
US-CERT VU#824500:
http://www.kb.cert.org/vuls/id/824500
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
