Details of VAR-200809-0311

ID

VAR-200809-0311

CVE

CVE-2008-1144

TITLE

Netgear WN802T Wi-Fi Access point Marvell Service disruption in drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-004185

DESCRIPTION

The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length.". The NETGEAR WN802T wireless access point is prone to a denial-of-service vulnerability because it fails to adequately handle long key lengths in EAPoL packets. Successful exploits will deny service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed. NETGEAR WN802T firmware 1.3.16 with the MARVELL 88W8361P-BEM1 chipset is vulnerable. Other devices running this Marvell chipset may also be affected. This packet is used for unicast/multicast key derivation (which are called 4-way handshake and group key handshake) of any secure wireless connection (WPA-PSK, WPA2-PSK, WPA-EAP, WPA2-EAP). This can be achieved only after a successful 802.11 authentication (in "Open" mode according to the configuration of the wireless access point) and a successful 802.11 association with appropriate security parameters (e.g. WPA w/ TKIP unicast, TKIP multicast) which depends on the configuration of the wireless access point. This security vulnerability was reported to Netgear, updated firmwares should be available on their web site. Any other wireless device relying on this vulnerable wireless driver is likely to be vulnerable. Credits: -------- * This vulnerability was discovered by Laurent Butti and Julien Tinnes from France Telecom / Orange . 1) An error exists in the processing of SSID information included in association requests. This can be exploited to reboot or hang-up the device by sending a specially crafted association request. 2) An error in the processing of EAPoL-Key packets can be exploited to reboot or hang-up a device by sending a specially crafted EAPoL-Key packet containing an overly large "length" value. The vulnerabilities are reported in firmware version 1.3.16. Other versions may also be affected. SOLUTION: Use the device only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Laurent Butti and Julien Tinnes, France Telecom / Orange ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html http://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.25

sources: NVD: CVE-2008-1144 // JVNDB: JVNDB-2008-004185 // BID: 31013 // VULHUB: VHN-31269 // VULMON: CVE-2008-1144 // PACKETSTORM: 69626 // PACKETSTORM: 69658

IOT TAXONOMY

category:

['network device']

sub_category:

Wi-Fi access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	netgear	model:	wn802t	scope:	eq	version:	1.3.16	Trust: 2.0
vendor:	marvell	model:	88w8361w-bem1	scope:	eq	version:	*	Trust: 1.1
vendor:	marvell	model:	88w8361w-bem1	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	wn802t	scope:	eq	version:	1.3.16	Trust: 0.8
vendor:	marvell	model:	semiconductor 88w8361p-bem1 chipset	scope:	eq	version:	0	Trust: 0.3

sources: VULMON: CVE-2008-1144 // BID: 31013 // JVNDB: JVNDB-2008-004185 // CNNVD: CNNVD-200809-084 // NVD: CVE-2008-1144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-1144
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-1144
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200809-084
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-31269
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2008-1144
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-1144
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-31269
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-31269 // VULMON: CVE-2008-1144 // JVNDB: JVNDB-2008-004185 // CNNVD: CNNVD-200809-084 // NVD: CVE-2008-1144

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-31269 // JVNDB: JVNDB-2008-004185 // NVD: CVE-2008-1144

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-084

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200809-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-004185

PATCH

title:	Top Page	url:	http://www.marvell.com/	Trust: 0.8
title:	Top Page	url:	http://www.netgear.com/home/	Trust: 0.8
title:	wifuzzit	url:	https://github.com/0xd012/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/flowerhack/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/84KaliPleXon3/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/PleXone2019/wifuzzit	Trust: 0.1
title:	wifuzzit	url:	https://github.com/wi-fi-analyzer/wifuzzit	Trust: 0.1

sources: VULMON: CVE-2008-1144 // JVNDB: JVNDB-2008-004185

EXTERNAL IDS

db:	NVD	id:	CVE-2008-1144	Trust: 3.1
db:	BID	id:	31013	Trust: 2.1
db:	SECUNIA	id:	31770	Trust: 1.9
db:	SREASON	id:	4227	Trust: 1.8
db:	JVNDB	id:	JVNDB-2008-004185	Trust: 0.8
db:	BUGTRAQ	id:	20080904 MARVELL DRIVER EAPOL-KEY LENGTH OVERFLOW	Trust: 0.6
db:	XF	id:	44919	Trust: 0.6
db:	XF	id:	802	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-084	Trust: 0.6
db:	PACKETSTORM	id:	69626	Trust: 0.2
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-31269	Trust: 0.1
db:	VULMON	id:	CVE-2008-1144	Trust: 0.1
db:	PACKETSTORM	id:	69658	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-31269 // VULMON: CVE-2008-1144 // BID: 31013 // JVNDB: JVNDB-2008-004185 // PACKETSTORM: 69626 // PACKETSTORM: 69658 // CNNVD: CNNVD-200809-084 // NVD: CVE-2008-1144

REFERENCES

url:	http://www.securityfocus.com/bid/31013	Trust: 1.9
url:	http://secunia.com/advisories/31770	Trust: 1.8
url:	http://securityreason.com/securityalert/4227	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/495982/100/0/threaded	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44919	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1144	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1144	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/44919	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/495982/100/0/threaded	Trust: 0.6
url:	http://www.marvell.com/	Trust: 0.3
url:	http://www.netgear.com	Trust: 0.3
url:	http://kbserver.netgear.com/products/wn802t.asp	Trust: 0.3
url:	/archive/1/495982	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/0xd012/wifuzzit	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-1144	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2008-09/0049.html	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/19749/	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2008-09/0048.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/corporate/jobs/open_positions/	Trust: 0.1
url:	http://secunia.com/advisories/31770/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Laurent Butti※ laurent.butti@orange-ftgroup.com

Trust: 0.6

sources: CNNVD: CNNVD-200809-084

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-31269
db:	VULMON	id:	CVE-2008-1144
db:	BID	id:	31013
db:	JVNDB	id:	JVNDB-2008-004185
db:	PACKETSTORM	id:	69626
db:	PACKETSTORM	id:	69658
db:	CNNVD	id:	CNNVD-200809-084
db:	NVD	id:	CVE-2008-1144

LAST UPDATE DATE

2025-04-10T22:07:58.683000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-31269	date:	2018-10-11T00:00:00
db:	VULMON	id:	CVE-2008-1144	date:	2018-10-11T00:00:00
db:	BID	id:	31013	date:	2008-09-04T19:34:00
db:	JVNDB	id:	JVNDB-2008-004185	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200809-084	date:	2009-01-29T00:00:00
db:	NVD	id:	CVE-2008-1144	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-31269	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2008-1144	date:	2008-09-05T00:00:00
db:	BID	id:	31013	date:	2008-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2008-004185	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	69626	date:	2008-09-04T17:17:26
db:	PACKETSTORM	id:	69658	date:	2008-09-05T15:36:36
db:	CNNVD	id:	CNNVD-200809-084	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-1144	date:	2008-09-05T16:08:00