CVE-2013-4579

Linux kernel < 3.12 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4579. PoCs published by Mathy Vanhoef.

AI-analyzed exploit summary This exploit leverages a bit-flipping technique to disclose the original MAC address of a target device by injecting probe packets and monitoring ACK responses. It uses Scapy to craft and sniff 802.11 frames, exploiting the Linux kernel's handling of wireless frames to leak sensitive information.

Description

The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mathy Vanhoef · pythonremotelinux

https://www.exploit-db.com/exploits/38826

View Code ZIP pw:eip

This exploit leverages a bit-flipping technique to disclose the original MAC address of a target device by injecting probe packets and monitoring ACK responses. It uses Scapy to craft and sniff 802.11 frames, exploiting the Linux kernel's handling of wireless frames to leak sensitive information.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel (with Atheros wireless drivers, though broader impact is implied)

No auth needed

Prerequisites: Proximity to target wireless network · Wireless interface capable of injection/monitoring · Scapy and Python environment

MITRE ATT&CK