The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Apple Airport 802.11 Probe Response Kernel Memory Corruption

The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values.

Rank

• Normal

Authors

• hdm < hdm [at] metasploit.com >

References

• CVE-2006-5710
• OSVDB-30180

Development

• Source Code
• History

Similar Modules

• auxiliary/dos/wifi/cts_rts_flood
• auxiliary/dos/wifi/deauth
• auxiliary/dos/wifi/fakeap
• auxiliary/dos/wifi/file2air
• auxiliary/dos/wifi/netgear_ma521_rates
• auxiliary/dos/wifi/netgear_wg311pci
• auxiliary/dos/wifi/probe_resp_null_ssid
• auxiliary/dos/wifi/ssidlist_beacon
• auxiliary/dos/wifi/wifun

Usage Information

Module Options