| Summary: | net-wireless/madwifi-ng < 0.9.3.3 "xrates" Remote Denial of Service (CVE-2007-5448) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tobias Heinlein (RETIRED) <keytoaster> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | gengor, mobile+disabled, steev |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/27197/ | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Tobias Heinlein (RETIRED)
Steev, please provide an updated ebuild.

The patch that addresses this issue for trunk is here: http://madwifi.org/changeset/2736
Since the code in ieee80211_scan_ap.c was merged in after the 0.9.3.2 release, we only need to fix the parts in ieee80211_scan_sta.c.

Created attachment 133482
madwifi-ng-0.9.3.2-xrates-dos.patch
Backported from trunk.
Steev, please have a look.

Rbu you are a godsend - I am swamped with work - if a few other people can verify that it works, I'll give my blessing to apply (as I always do with the security bugs)

(In reply to comment #4)
> Rbu you are a godsend - I am swamped with work - if a few other people can
> verify that it works, I'll give my blessing to apply (as I always do with the
> security bugs)

I don't use it. Maybe someone on mobile can give a test?

According to the madwifi website, this bug (and the 2.6.23 compile errors) were fixed in 0.9.3.3. See http://madwifi.org/wiki/news/20071018/release-0-9-3-3-available

That it is - I am just getting ready to commit - sorry it's taken so long, been a busy few weeks for me.

Okay, 0.9.3.3 is in portage, security team do your thing :)

Arches, please test and mark stable madwifi-ng-9.3.3
Target keywords: "amd64 ppc x86"

(In reply to comment #9)
> Arches, please test and mark stable madwifi-ng-9.3.3

Of course you should read 0.9.3.3 :p

btw, shouldn't madwifi-ng-tools be stabilized too?

(In reply to comment #10)
> btw, shouldn't madwifi-ng-tools be stabilized too?

it is required by madwifi-ng.

x86 stable.

ppc stable

amd64 stable

B3 -> glsa? If I understand correctly, anyone in my network can crash my box, so this would be a "yes" for me.

yes too and request filed.

GLSA 200711-09