Bug 157449

Summary: net-wireless/madwifi-ng 0.9.2 local+remote buffer overflow vulnerability
Product: Gentoo Security
Reporter: Gordon Malm (RETIRED) <gengor>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: blocker
CC: mobile+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue
Whiteboard: B0 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Gordon Malm (RETIRED) gentoo-dev 2006-12-07 10:09:15 UTC
Copy/Pasted from:
http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue/release-0-9-2-1-fixes-critical-security-issue

A critical security flaw (CVE-2006-6332) has been discovered which can be exploited from remote and allows arbitrary code injection. The fix has been committed to trunk in r1842. In addition, we released v0.9.2.1 (v0.9.2 plus the fix for the issue), which is available for download from sf.net.

All users should upgrade as soon as possible.

--------- End Copy/Paste -----------

0.9.2.1 is available with NO other changes from the 0.9.2 version. Updating the ebuild to the new version should be painless.
Comment 1 Gordon Malm (RETIRED) gentoo-dev 2006-12-07 10:12:48 UTC
This is the download link from madwifi.org's security announcement:

http://sourceforge.net/project/showfiles.php?group_id=82936&package_id=85233
Comment 2 Gordon Malm (RETIRED) gentoo-dev 2006-12-07 10:14:56 UTC
Sorry, bad news link in first post, here is the corrected news link:
http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue
Comment 3 Sune Kloppenborg Jeppesen gentoo-dev 2006-12-07 10:39:31 UTC
Mobile please provide an updated ebuild. This one seems pretty nasty.
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2006-12-07 11:15:40 UTC
Thx Genstef for the quickfix. Arches please test and mark stable. Target keywords are:

madwifi-ng-0.9.2.1.ebuild:KEYWORDS="amd64 ppc x86"
Comment 5 Markus Meier gentoo-dev 2006-12-07 11:53:55 UTC
net-wireless/madwifi-ng-0.9.2.1  USE="-amrr -onoe"
1. emerges on x86
2. passes collision test
3. works

Portage 2.1.1-r2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18.3 i686)
Comment 6 solar (RETIRED) gentoo-dev 2006-12-07 16:03:45 UTC
More verbose details on this.
http://lists.immunitysec.com/pipermail/dailydave/2006-December/003881.html
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2006-12-08 00:30:57 UTC
Done on x86
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2006-12-08 15:53:01 UTC
ppc stable
Comment 9 Gordon Malm (RETIRED) gentoo-dev 2006-12-08 19:32:36 UTC
Nice work gentlemen, a fix for this security bug was made available in portage just a few hours after it was announced on madwifi.org.

Apparently this patch introduces a possible kernel oops which is now fixed in madwifi's dev tree. However, the remote exploit is still fixed, so no update release is being issued upstream. The reason is "0.9.3 is at the door".
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-12-10 05:26:18 UTC
hello amd64, something blocking?
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2006-12-10 12:26:52 UTC
wrt comment #9 that is http://madwifi.org/changeset/1847

kingtaco is working on amd64
Comment 12 Mike Doty (RETIRED) gentoo-dev 2006-12-10 12:54:02 UTC
amd64 stable, sorry for the delay
Comment 13 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-12-10 15:16:11 UTC
GLSA 200612-09