** Please note that this issue is confidential and no information should be disclosed until it is made public, see "Whiteboard" for a date ** Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.
Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS.
Created attachment 167023 [details, diff] ndiswrapper-CVE-2008-4395.patch
Created attachment 167029 [details] ndiswrapper-1.53.ebuild
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "x86" CC'ing current Liaisons: x86 : maekke, armin76
looks good on x86
This is now public via: http://www.mail-archive.com/frugalware-git@frugalware.org/msg22366.html Please commit to CVS with the stable keyword gathered in this bug.
done
Please don't close security bugs right after your part of the work is done, the security team's is not done necessarily. :) Time for GLSA vote.
Note that the Ubuntu advisory [1] talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this. [1] http://www.ubuntu.com/usn/usn-662-1
CVE does so, too. Filed a request
GLSA 200901-01, sorry for delay.