CVE-2009-0282 - Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wirele

CVE-2009-0282

Summary

Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.

References

Vulnerable Configurations

cpe:2.3:h:ralinktech:rt73:3.08:*:*:*:*:*:*:*
cpe:2.3:h:ralinktech:rt73:3.08:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	33340
bugtraq	20090118 Ralinktech wireless cards drivers vulnerability
debian	DSA-1712 DSA-1713 DSA-1714
gentoo	GLSA-200907-08
misc	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995
secunia	33592 33699 35743

statements via4

contributor	Mark J Cox
lastmodified	2009-02-02
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and Red Hat Enterprise MRG.

Last major update

30-10-2018 - 16:25

Published

27-01-2009 - 18:30

Last modified

30-10-2018 - 16:25