|Summary:|net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)|
|Product:|Gentoo Security|Reporter:|Robert Buchholz (RETIRED) <rbu>|
|Component:|Vulnerabilities|Assignee:|Gentoo Security <security>|
|Severity:|major|CC:|mobile+disabled, peper, vladimir|
|Package list:| |Runtime testing required:|---|
Description Robert Buchholz (RETIRED) 2008-10-02 20:27:08 UTC
** Please note that this issue is confidential and no information should be disclosed until it is made public, see "Whiteboard" for a date **

Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically nearby attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.
Comment 1 Robert Buchholz (RETIRED) 2008-10-02 20:28:26 UTC
Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS.
Comment 2 Robert Buchholz (RETIRED) 2008-10-02 20:29:23 UTC
Created attachment 167023 [details, diff] ndiswrapper-CVE-2008-4395.patch
Comment 3 Piotr Jaroszyński (RETIRED) 2008-10-02 22:53:13 UTC
Created attachment 167029 [details] ndiswrapper-1.53.ebuild
Comment 4 Robert Buchholz (RETIRED) 2008-10-03 01:20:22 UTC
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords: "x86"
CC'ing current Liaisons:
x86: maekke, armin76
Comment 5 Markus Meier 2008-10-04 09:26:03 UTC
looks good on x86
Comment 6 Robert Buchholz (RETIRED) 2008-10-24 10:42:57 UTC
This is now public via: http://firstname.lastname@example.org/msg22366.html Please commit to CVS with the stable keyword gathered in this bug.
Comment 7 Piotr Jaroszyński (RETIRED) 2008-10-27 12:54:17 UTC
Comment 8 Christian Hoffmann (RETIRED) 2008-10-27 14:00:40 UTC
Please don't close security bugs right after your part of the work is done; the security team's is not necessarily done. :) Time for GLSA vote.
Comment 9 Christian Hoffmann (RETIRED) 2008-11-06 13:58:08 UTC
Note that the Ubuntu advisory talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this.
http://www.ubuntu.com/usn/usn-662-1
Comment 10 Robert Buchholz (RETIRED) 2008-11-06 16:33:40 UTC
CVE does so, too. Filed a request.
Comment 11 Robert Buchholz (RETIRED) 2009-01-11 00:48:29 UTC
GLSA 200901-01, sorry for delay.