Details of VAR-200612-0135

ID

VAR-200612-0135

CVE

CVE-2006-6651

TITLE

Intel 2200BG Wireless driver W29N51.SYS Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2006-002604

DESCRIPTION

Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information. Intel 2200BG driver is prone to a remote code-execution vulnerability due to a race condition. Failed exploit attempts will likely cause denial-of-service conditions. Intel 2200BG is a mini PCI wireless network card used in notebooks. code. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Intel 2200BG W29N51.SYS Driver Beacon Frame Race Condition SECUNIA ADVISORY ID: SA23338 VERIFY ADVISORY: http://secunia.com/advisories/23338/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Intel Wireless LAN Driver 9.x http://secunia.com/product/12914/ DESCRIPTION: Berno Silva has reported a vulnerability in Intel 2200BG drivers, which potentially can be exploited by malicious people to compromise a vulnerable system. This can be exploited to overwrite certain kernel memory structures via sending multiple specially crafted beacon frames to the wireless card. The vulnerability is reported in version 9.0.3.9. Other versions may also be affected. SOLUTION: Turn off the wireless card when not in use. PROVIDED AND/OR DISCOVERED BY: Berno Silva, Open Communications Security ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-6651 // JVNDB: JVNDB-2006-002604 // BID: 21641 // VULHUB: VHN-22759 // PACKETSTORM: 53106

AFFECTED PRODUCTS

vendor:	intel	model:	2200bg proset wireless	scope:	eq	version:	9.0.3.9	Trust: 2.4
vendor:	intel	model:	2200bg driver	scope:	eq	version:	9.0.3.9	Trust: 0.3

sources: BID: 21641 // JVNDB: JVNDB-2006-002604 // CNNVD: CNNVD-200612-406 // NVD: CVE-2006-6651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6651
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-6651
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200612-406
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-22759
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-6651
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-22759
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-22759 // JVNDB: JVNDB-2006-002604 // CNNVD: CNNVD-200612-406 // NVD: CVE-2006-6651

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6651

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-406

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-200612-406

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002604

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22759

PATCH

title:

2200BG wireless

url:

http://www.intel.com/p/ja_JP/support/highlights/wireless/pro2200bg/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002604

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6651	Trust: 2.5
db:	BID	id:	21641	Trust: 2.0
db:	SECUNIA	id:	23338	Trust: 1.8
db:	VUPEN	id:	ADV-2006-5065	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-002604	Trust: 0.8
db:	CNNVD	id:	CNNVD-200612-406	Trust: 0.7
db:	EXPLOIT-DB	id:	2949	Trust: 0.1
db:	VULHUB	id:	VHN-22759	Trust: 0.1
db:	PACKETSTORM	id:	53106	Trust: 0.1

sources: VULHUB: VHN-22759 // BID: 21641 // JVNDB: JVNDB-2006-002604 // PACKETSTORM: 53106 // CNNVD: CNNVD-200612-406 // NVD: CVE-2006-6651

REFERENCES

url:	http://www.securityfocus.com/bid/21641	Trust: 1.7
url:	http://downloads.securityfocus.com/vulnerabilities/exploits/21641.c	Trust: 1.7
url:	http://secunia.com/advisories/23338	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/5065	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6651	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6651	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/5065	Trust: 0.6
url:	http://www.intel.com/support/wireless/wlan/sb/cs-023065.htm	Trust: 0.3
url:	http://www.intel.com/	Trust: 0.3
url:	http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm	Trust: 0.3
url:	http://secunia.com/product/12914/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/23338/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-22759 // BID: 21641 // JVNDB: JVNDB-2006-002604 // PACKETSTORM: 53106 // CNNVD: CNNVD-200612-406 // NVD: CVE-2006-6651

CREDITS

Breno Silva Pinto

Trust: 0.6

sources: CNNVD: CNNVD-200612-406

SOURCES

db:	VULHUB	id:	VHN-22759
db:	BID	id:	21641
db:	JVNDB	id:	JVNDB-2006-002604
db:	PACKETSTORM	id:	53106
db:	CNNVD	id:	CNNVD-200612-406
db:	NVD	id:	CVE-2006-6651

LAST UPDATE DATE

2025-04-10T23:16:01.953000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-22759	date:	2011-03-08T00:00:00
db:	BID	id:	21641	date:	2006-12-22T00:03:00
db:	JVNDB	id:	JVNDB-2006-002604	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200612-406	date:	2007-01-03T00:00:00
db:	NVD	id:	CVE-2006-6651	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-22759	date:	2006-12-20T00:00:00
db:	BID	id:	21641	date:	2006-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2006-002604	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	53106	date:	2006-12-19T19:15:33
db:	CNNVD	id:	CNNVD-200612-406	date:	2006-12-19T00:00:00
db:	NVD	id:	CVE-2006-6651	date:	2006-12-20T02:28:00