Sign-up

ID

VAR-201308-0248


CVE

CVE-2013-4219


TITLE

Intel Wireless WiMAX Connection 2400 for Intel WiMAX Network Service Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003891

DESCRIPTION

Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c. wimax-ns is prone to multiple security vulnerabilities including; 1. An insecure file-permission issue 2. Multiple information-disclosure issues 3. Multiple buffer-overflow issues Attackers can exploit these issues to disclose sensitive information and execute arbitrary code on the affected device. Failed exploit attempts will result in a denial-of-service condition. Intel WiMAX Network Service is a network service of Intel Corporation that integrates 802.16 wireless metropolitan area network technology. These vulnerabilities are caused by the fact that the socket dispatcher and connector modules of the L5 connection do not filter when processing payload data units (PDUs) Input submitted by the user

Trust: 1.98

sources: NVD: CVE-2013-4219 // JVNDB: JVNDB-2013-003891 // BID: 61696 // VULHUB: VHN-64221

AFFECTED PRODUCTS

vendor:intelmodel:wimax network servicescope:lteversion:1.5.2

Trust: 1.8

vendor:intelmodel:wimax network servicescope:eqversion:1.5.0

Trust: 1.6

vendor:intelmodel:wimax network servicescope:eqversion:1.5.2

Trust: 0.6

vendor:intelmodel:wimax-nsscope:eqversion:0

Trust: 0.3

sources: BID: 61696 // JVNDB: JVNDB-2013-003891 // CNNVD: CNNVD-201308-376 // NVD: CVE-2013-4219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4219
value: HIGH

Trust: 1.0

NVD: CVE-2013-4219
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201308-376
value: HIGH

Trust: 0.6

VULHUB: VHN-64221
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4219
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64221
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64221 // JVNDB: JVNDB-2013-003891 // CNNVD: CNNVD-201308-376 // NVD: CVE-2013-4219

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-64221 // JVNDB: JVNDB-2013-003891 // NVD: CVE-2013-4219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-376

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201308-376

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003891

PATCH
title:Bug 911129url:https://bugzilla.redhat.com/show_bug.cgi?id=911129
Trust: 0.8
title:Bug 995160url:https://bugzilla.redhat.com/show_bug.cgi?id=995160
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003891

EXTERNAL IDS
db:NVDid:CVE-2013-4219
Trust: 2.8
db:OPENWALLid:OSS-SECURITY/2013/08/08/17
Trust: 1.7
db:JVNDBid:JVNDB-2013-003891
Trust: 0.8
db:CNNVDid:CNNVD-201308-376
Trust: 0.7
db:MLISTid:[OSS-SECURITY] 20130808 RE: CVE REQUEST -- FOUR FLAWS IN WIMAX (AFAIK UPSTREAM IS DEAD FOR THIS)
Trust: 0.6
db:BIDid:61696
Trust: 0.3
db:VULHUBid:VHN-64221
Trust: 0.1
sources:
            
            
            VULHUB: VHN-64221 // 
            
            
            
            BID: 61696 // 
            
            
            
            JVNDB: JVNDB-2013-003891 // 
            
            
            
            CNNVD: CNNVD-201308-376 // 
            
            
            
            NVD: CVE-2013-4219

REFERENCES
url:https://bugzilla.redhat.com/show_bug.cgi?id=911129
Trust: 2.0
url:http://www.openwall.com/lists/oss-security/2013/08/08/17
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4219
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4219
Trust: 0.8
url:https://bugzilla.redhat.com/show_bug.cgi?id=911121
Trust: 0.3
url:https://bugzilla.redhat.com/show_bug.cgi?id=911122
Trust: 0.3
url:https://bugzilla.redhat.com/show_bug.cgi?id=911126
Trust: 0.3
url:http://seclists.org/oss-sec/2013/q3/326
Trust: 0.3
url:https://github.com/ago/wimax-ns
Trust: 0.3
sources:
            
            
            VULHUB: VHN-64221 // 
            
            
            
            BID: 61696 // 
            
            
            
            JVNDB: JVNDB-2013-003891 // 
            
            
            
            CNNVD: CNNVD-201308-376 // 
            
            
            
            NVD: CVE-2013-4219

CREDITS
Florian Weimer of Red Hat Product Security Team
Trust: 0.3
sources:
            
            
            BID: 61696

SOURCES
db:VULHUBid:VHN-64221
db:BIDid:61696
db:JVNDBid:JVNDB-2013-003891
db:CNNVDid:CNNVD-201308-376
db:NVDid:CVE-2013-4219

LAST UPDATE DATE
2025-04-11T22:48:41.321000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-64221date:2013-08-26T00:00:00
db:BIDid:61696date:2013-08-08T00:00:00
db:JVNDBid:JVNDB-2013-003891date:2013-08-27T00:00:00
db:CNNVDid:CNNVD-201308-376date:2013-08-29T00:00:00
db:NVDid:CVE-2013-4219date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-64221date:2013-08-25T00:00:00
db:BIDid:61696date:2013-08-08T00:00:00
db:JVNDBid:JVNDB-2013-003891date:2013-08-27T00:00:00
db:CNNVDid:CNNVD-201308-376date:2013-08-29T00:00:00
db:NVDid:CVE-2013-4219date:2013-08-25T03:27:32.913