[Dailydave] Madwifi SIOCSIWSCAN vulnerability (CVE-2006-6332)
TINNES Julien RD-MAPS-ISS
julien.tinnes at francetelecom.com
Fri Dec 8 05:44:56 EST 2006
Here it is: a Metasploit 3 DoS module and a very simple and raw local
exploit (which needs to be triggered by the DoS module).
A full remote exploit is possible, which would be triggered by "iwlist
ath0 scan".
You can inject code into the process' address space by using some
information elements.
--
Julien TINNES - & france telecom - R&D Division/MAPS/NSS
Research Engineer - Internet/Intranet Security
GPG: C050 EF1A 2919 FD87 57C4 DEDD E778 A9F0 14B9 C7D6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: madexploit.c
Type: text/x-csrc
Size: 12384 bytes
Desc: not available
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20061208/94f538dd/attachment-0001.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: madwifi_giwscan_cb.rb
Type: application/x-ruby
Size: 4278 bytes
Desc: not available
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20061208/94f538dd/attachment-0001.bin
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 2006-12-07-madwifi-siocgiwscan.txt
Url: http://lists.immunitysec.com/pipermail/dailydave/attachments/20061208/94f538dd/attachment-0001.txt