FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

IEEE 802.11 -- buffer overflow

Affected systems
6.0 < FreeBSD < 6.0_3


VuXML ID dade3316-9d31-11da-8c1d-000e0c2e438a
Discovery 2006-01-18
Entry 2006-02-14
Modified 2006-06-09

Problem description:

An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.


An attacker able broadcast a carefully crafted beacon or probe response frame may be able to execute arbitrary code within the context of the FreeBSD kernel on any system scanning for wireless networks.


No workaround is available, but systems without IEEE 802.11 hardware or drivers loaded are not vulnerable.


CVE Name CVE-2006-0226
FreeBSD Advisory SA-06:05.80211