Bug#: 188902
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Gordon Malm <gengor@gentoo.org>

Description:   Opened: 2007-08-14 19:55 0000
madwifi-ng 0.9.3.2 has been released.  Fixes several security issues as well as
compilation with kernel 2.6.22.  It is only a maintenance release with no new
features.

http://madwifi.org/wiki/Releases/0.9.3.2

I will test and then attach some ebuilds later when I get some time if someone
doesn't beat me to it.

Reproducible: Always


------- Comment #1 From Pierre-Yves Rofes 2007-08-14 20:09:57 0000 -------
Thanks for the report Gordon.
I just saw on #-commit that steev already bumped madwifi-ng-tools, please bump
madwifi-ng too :)
Not sure on the impact, it says 2 NULL pointer dereferences, so I'd say it's a
DoS, but maybe there's other ones.

------- Comment #2 From Pierre-Yves Rofes 2007-08-14 20:54:00 0000 -------
hi arches, please test and mark stable:

net-wireless/madwifi-ng-0.9.3.2 
net-wireless/madwifi-ng-tools-0.9.3.2.

target keywords are "amd64 ppc x86"

------- Comment #3 From Andrej Kacian (RETIRED) 2007-08-14 21:42:40 0000 -------
x86 done

------- Comment #4 From Gordon Malm 2007-08-15 00:13:07 0000 -------
Waaaaayyy beat me to it, nice work all.

Here is the changeset/info regarding the races/NPDs so you may review it for
any GLSA considerations.

http://madwifi.org/changeset/2317
http://madwifi.org/ticket/1301

My thanks to all involved for taking care of this so quickly.

------- Comment #5 From Togge 2007-08-15 15:21:23 0000 -------
--- amd64 ---
madwifi-ng(-tools)-0.9.3.2

1: emerges
2: passes collision-protect, (multilib-)strict, test
3: works

Portage 2.1.2.11 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4,
2.6.20-gentoo-r8 x86_64)

------- Comment #6 From Christoph Mende 2007-08-15 17:15:43 0000 -------
amd64 stable

------- Comment #7 From Tobias Scherbaum 2007-08-15 21:29:41 0000 -------
ppc stable, ready for GLSA voting

------- Comment #8 From Sune Kloppenborg Jeppesen 2007-08-17 21:44:16 0000 -------
I tend to vote YES.

------- Comment #9 From Pierre-Yves Rofes 2007-08-20 08:37:55 0000 -------
I tend to vote YES too.

------- Comment #10 From Jonathan Smith 2007-08-21 15:34:14 0000 -------
here is some info from SUSE on this matter:

"According to madwifi developers, the security hole is hardly exploitable. The
mentioned two NULL pointer dereferences are in code marking a channel occupied
by a radar. That means, you would need a radar unit or find another way making
the card believe there is a radar around. Additionally, it is required that no
VAPs are scanning or running, which would be also rather uncommon."

in light of that, i'd vote no, if i had a vote :-)

------- Comment #11 From Sune Kloppenborg Jeppesen 2007-08-21 20:36:46 0000 -------
I saw that one too. Reverting my vote to full NO unless further information
surfaces.

------- Comment #12 From Pierre-Yves Rofes 2007-08-24 13:04:37 0000 -------
changing my vote to NO wrt comment #10, and closing without glsa. Feel free to
reopen if you disagree.
