
Bug 239371 (CVE-2008-4395)

Summary: net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: mobile+disabled, peper, vladimir
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/275860
Whiteboard: B0? [glsa]
Package list:
Runtime testing required: ---
Attachments (Description: Flags):
ndiswrapper-CVE-2008-4395.patch: none
ndiswrapper-1.53.ebuild: none

Description Robert Buchholz (RETIRED) gentoo-dev 2008-10-02 20:27:08 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs.  If ndiswrapper is in use, a physically nearby attacker
could generate specially crafted wireless network traffic and crash
the system, leading to a denial of service.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-10-02 20:28:26 UTC
Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-10-02 20:29:23 UTC
Created attachment 167023 [details, diff]
ndiswrapper-CVE-2008-4395.patch
Comment 3 Piotr Jaroszyński (RETIRED) gentoo-dev 2008-10-02 22:53:13 UTC
Created attachment 167029 [details]
ndiswrapper-1.53.ebuild
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-10-03 01:20:22 UTC
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "x86"

CC'ing current Liaisons:
     x86 : maekke, armin76
Comment 5 Markus Meier gentoo-dev 2008-10-04 09:26:03 UTC
looks good on x86
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-10-24 10:42:57 UTC
This is now public via:
http://www.mail-archive.com/frugalware-git@frugalware.org/msg22366.html

Please commit to CVS with the stable keyword gathered in this bug.
Comment 7 Piotr Jaroszyński (RETIRED) gentoo-dev 2008-10-27 12:54:17 UTC
done
Comment 8 Christian Hoffmann (RETIRED) gentoo-dev 2008-10-27 14:00:40 UTC
Please don't close security bugs right after your part of the work is done; the security team's is not necessarily done. :)

Time for GLSA vote.
Comment 9 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-06 13:58:08 UTC
Note that the Ubuntu advisory [1] talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this.

[1] http://www.ubuntu.com/usn/usn-662-1
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-11-06 16:33:40 UTC
CVE does so, too. Filed a request
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2009-01-11 00:48:29 UTC
GLSA 200901-01, sorry for delay.