The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

NetGear MA521 Wireless Driver Long Rates Overflow

This module exploits a buffer overflow in the NetGear MA521 wireless device driver under Windows XP. When a specific malformed frame (beacon or probe response) is received by the wireless interface under active scanning mode, the MA521nd5.SYS driver attempts to write to an attacker-controlled memory location. The vulnerability is triggered by an invalid supported rates information element. This DoS was tested with version 5.148.724.2003 of the MA521nd5.SYS driver and a NetGear MA521 Cardbus adapter. A remote code execution module is also in development. This module depends on the Lorcon2 library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon2 documentation (external/ruby-lorcon/README) for more information.

Rank

• Normal

Authors

• Laurent Butti < 0x9090 [at] gmail.com >

References

• CVE-2006-6059
• OSVDB-30507
• http://projects.info-pull.com/mokb/MOKB-18-11-2006.html
• ftp://downloads.netgear.com/files/ma521_1_2.zip

Development

• Source Code
• History

Similar Modules

• auxiliary/dos/wifi/apple_orinoco_probe_response
• auxiliary/dos/wifi/cts_rts_flood
• auxiliary/dos/wifi/deauth
• auxiliary/dos/wifi/fakeap
• auxiliary/dos/wifi/file2air
• auxiliary/dos/wifi/netgear_wg311pci
• auxiliary/dos/wifi/probe_resp_null_ssid
• auxiliary/dos/wifi/ssidlist_beacon
• auxiliary/dos/wifi/wifun

Usage Information

Module Options