ID CVE-2009-0282
Summary Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
References
Vulnerable Configurations
  • cpe:2.3:h:ralinktech:rt73:3.08:*:*:*:*:*:*:*
    cpe:2.3:h:ralinktech:rt73:3.08:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 33340
bugtraq 20090118 Ralinktech wireless cards drivers vulnerability
debian
  • DSA-1712
  • DSA-1713
  • DSA-1714
gentoo GLSA-200907-08
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995
secunia
  • 33592
  • 33699
  • 35743
statements via4
contributor Mark J Cox
lastmodified 2009-02-02
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and Red Hat Enterprise MRG.
Last major update 30-10-2018 - 16:25
Published 27-01-2009 - 18:30
Back to Top