CVE-2009-0282 - Numeric Errors vulnerability in Ralinktech Rt73 3.08
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |

Summary
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1712.NASL |
description | It was discovered that an integer overflow in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35547 |
published | 2009-01-29 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35547 |
title | Debian DSA-1712-1 : rt2400 - integer overflow |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1712. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(35547);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2009-0282");
  script_xref(name:"DSA", value:"1712");

  script_name(english:"Debian DSA-1712-1 : rt2400 - integer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that an integer overflow in the 'Probe Request' packet parser of the Ralinktech wireless drivers might lead to remote denial of service or the execution of arbitrary code. Please note that you need to rebuild your driver from the source package in order to set this update into effect. Detailed instructions can be found in /usr/share/doc/rt2400-source/README.Debian"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1712"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the rt2400 package. For the stable distribution (etch), this problem has been fixed in version 1.2.2+cvs20060620-4+etch1.
For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 1.2.2+cvs20080623-3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rt2400");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/01/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"4.0", prefix:"rt2400", reference:"1.2.2+cvs20060620-4+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"rt2400-source", reference:"1.2.2+cvs20060620-4+etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1714.NASL |
description | It was discovered that an integer overflow in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35549 |
published | 2009-01-29 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35549 |
title | Debian DSA-1714-1 : rt2570 - integer overflow |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200907-08.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200907-08 (Multiple Ralink wireless drivers: Execution of arbitrary code) Aviv reported an integer overflow in multiple Ralink wireless card drivers when processing a probe request packet with a long SSID, possibly related to an integer signedness error. Impact : A physically proximate attacker could send specially crafted packets to a user who has wireless networking enabled, possibly resulting in the execution of arbitrary code with root privileges. Workaround : Unload the kernel modules. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39779 |
published | 2009-07-13 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39779 |
title | GLSA-200907-08 : Multiple Ralink wireless drivers: Execution of arbitrary code |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1713.NASL |
description | It was discovered that an integer overflow in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35548 |
published | 2009-01-29 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35548 |
title | Debian DSA-1713-1 : rt2500 - integer overflow |

Statements
contributor | Mark J Cox |
lastmodified | 2009-02-02 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and Red Hat Enterprise MRG. |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995
- http://secunia.com/advisories/33592
- http://secunia.com/advisories/33699
- http://secunia.com/advisories/35743
- http://security.gentoo.org/glsa/glsa-200907-08.xml
- http://www.debian.org/security/2009/dsa-1712
- http://www.debian.org/security/2009/dsa-1713
- http://www.debian.org/security/2009/dsa-1714
- http://www.securityfocus.com/archive/1/500168/100/0/threaded
- http://www.securityfocus.com/bid/33340