FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

IEEE 802.11 -- buffer overflow

Affected systems
6.0 < FreeBSD < 6.0_3

Details

VuXML ID dade3316-9d31-11da-8c1d-000e0c2e438a
Discovery 2006-01-18
Entry 2006-02-14
Modified 2006-06-09

Problem description:

An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.

Impact:

An attacker able broadcast a carefully crafted beacon or probe response frame may be able to execute arbitrary code within the context of the FreeBSD kernel on any system scanning for wireless networks.

Workaround:

No workaround is available, but systems without IEEE 802.11 hardware or drivers loaded are not vulnerable.

References

CVE Name CVE-2006-0226
FreeBSD Advisory SA-06:05.80211