Bug 199828 (CVE-2007-6025) - net-wireless/wpa_supplicant < 0.6.1 driver_wext.c Buffer overflow remote DoS (CVE-2007-6025)
Summary: net-wireless/wpa_supplicant < 0.6.1 driver_wext.c Buffer overflow remote DoS ...
Status: RESOLVED FIXED
Alias: CVE-2007-6025
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: ~3 [noglsa]
Duplicates: 201650
Reported: 2007-11-20 21:26 UTC by Robert Buchholz (RETIRED)
Modified: 2008-01-08 01:42 UTC (History)
Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-20 21:26:09 UTC
CVE-2007-6025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6025):
  Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and
  earlier allows remote attackers to cause a denial of service (crash) via
  crafted TSF data.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-20 21:29:52 UTC
As it seems, our current stable 0.5.7 might not be affected by this bug, but the ~arch ebuilds are.
Patch is in $URL and is already committed upstream.

Mobile, please advise.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-09 00:04:08 UTC
(In reply to comment #1)
> As it seems, our current stable 0.5.7 might not be affected by this bug, but
> the ~arch ebuilds are.
> Patch is in $URL and is already committed upstream.
> 
> Mobile, please advise.
> 

*ping*
Comment 3 Davide Pesavento (RETIRED) gentoo-dev 2007-12-10 22:15:16 UTC
Version 0.6.1, which fixes the bug, has been released.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-18 21:01:34 UTC
(In reply to comment #3)
> Version 0.6.1, which fixes the bug, has been released.
> 

Thanks for the info. mobile herd, please bump so we can close this one.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-01-08 01:21:32 UTC
*** Bug 201650 has been marked as a duplicate of this bug. ***
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-01-08 01:42:35 UTC
*wpa_supplicant-0.6.1 (08 Jan 2008)

  08 Jan 2008; Robert Buchholz <rbu@gentoo.org>
  -wpa_supplicant-0.6.0.ebuild, +wpa_supplicant-0.6.1.ebuild:
  Version bump by security for remote DoS vulnerability (CVE-2007-6025) in
  0.6.0 (bug #199828)