
Bug 257023 (CVE-2009-0282)

Summary: net-wireless/rt{2400,2500,2570}, net-wireless/rt61 net-wireless/ralink-rt61 integer overflows (CVE-2009-0282)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: enhancement CC: mobile+disabled, radek, steev
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995
Whiteboard: B0 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 183085, 190718, 277232    
Bug Blocks:    

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-31 00:21:12 UTC
CVE-2009-0282 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0282):
  Integer overflow in Ralink Technology USB wireless adapter (RT73)
  3.08 for Windows, and other wireless card drivers including rt2400,
  rt2500, rt2570, and rt61, allows remote attackers to cause a denial
  of service (crash) and possibly execute arbitrary code via a Probe
  Request packet with a long SSID, possibly related to an integer
  signedness error.
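
The description above attributes the crash to a long SSID and "possibly" an integer signedness error. The following added example (not code from the Ralink drivers or from this bug report) illustrates that bug class on an 802.11 SSID information element, next to a bounds-checked parse. The function names, the signed `len` variable and the sample elements are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID of the SSID element */
#define MAX_SSID_LEN 32  /* 802.11 limit on SSID length */

/* Flawed check (illustrative): the length octet is held in a signed char,
 * so 0x80..0xFF turn negative and pass the "too long" test. Returns the
 * size_t a later memcpy() would receive, or 0 if the element is rejected. */
static size_t copy_len_signed(const uint8_t *ie)
{
    signed char len = (signed char)ie[1];
    if (len > MAX_SSID_LEN)
        return 0;
    return (size_t)len;              /* -1 converts to SIZE_MAX */
}

/* Hardened parse: unsigned length, checked against the 802.11 limit and
 * against the bytes actually left in the frame body. Returns the SSID
 * length, or -1 if the element is malformed. */
static int parse_ssid(const uint8_t *ie, size_t remaining,
                      uint8_t out[MAX_SSID_LEN])
{
    if (remaining < 2 || ie[0] != IE_SSID)
        return -1;
    uint8_t len = ie[1];
    if (len > MAX_SSID_LEN || (size_t)len > remaining - 2)
        return -1;
    memcpy(out, ie + 2, len);
    return (int)len;
}

/* Constructed sample elements: a normal SSID and one claiming length 0xFF. */
static const uint8_t ie_ok[]  = { IE_SSID, 4, 'h', 'o', 'm', 'e' };
static const uint8_t ie_bad[] = { IE_SSID, 0xFF, 'A', 'A', 'A', 'A' };

int main(void)
{
    uint8_t ssid[MAX_SSID_LEN];
    printf("signed check, bad IE: copy length %zu\n", copy_len_signed(ie_bad));
    printf("hardened, bad IE: %d\n", parse_ssid(ie_bad, sizeof ie_bad, ssid));
    printf("hardened, ok IE:  %d\n", parse_ssid(ie_ok, sizeof ie_ok, ssid));
    return 0;
}
```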
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-01-31 02:13:30 UTC
This might allow for remote root compromise. Debian already distributes patches, are they upstream yet?
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-02-04 16:57:48 UTC
*** Bug 257631 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-02-04 16:59:32 UTC
Yes, patches are in their advisories:
http://www.debian.org/security/2009/dsa-1712
http://www.debian.org/security/2009/dsa-1713
http://www.debian.org/security/2009/dsa-1714

Changing to [ebuild].
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-02-04 17:32:10 UTC
I do not have the hardware to test, so I won't be touching this. Anyone else, please bump (darkside?).
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-02-26 21:57:15 UTC
ping, this is a rather serious issue...
Comment 6 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-02-26 22:09:59 UTC
(In reply to comment #4)
> I do not have the hardware to test, so I won't be touching this. Anyone else,
> please bump (darkside?).
> 

Nope, I just failed at searching for the bug and saw the vuln in my blog radar. Sorry.
Comment 7 Steev Klimaszewski (RETIRED) gentoo-dev 2009-03-11 16:42:46 UTC
I do apologize for totally missing this bug until today - is there a way to maybe switch a security bug around to have something of note in the summary? CVE would be nice (assuming one exists) - so that they stand out somehow. Anyway - I've been using the in-kernel rt2500usb since 2.26 (I think) - I've always stated that the out of kernel would be going away when it was stable enough for use, however at the moment, I don't have any cards with me (I'm at work) - so I can't test a fix. Most of my cards that are rt2x00 based require WEP or open access points, which I don't currently have access to. I do have one rt2x00 card that CAN do WPA, I have not had a chance to look into it though. If you can find one near you, it is the http://en.wikipedia.org/wiki/Nintendo_Wi-Fi_USB_Connector . You'd have to find it at a resell shop most likely. To finish off the comment, I've always said that Security can fix any issue that creeps up without me getting upset. Same in this case for any package I maintain.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2009-03-11 16:54:11 UTC
(In reply to comment #7)
> I do apologize for totally missing this bug until today - is there a way to
> maybe switch a security bug around to have something of note in the summary? 

It's in the "Gentoo Security" component. Bugzilla queries allow filtering for that, and it's in some X-header in bugmails if you use procmail or similar to filter.


> Anyway - I've been using the in-kernel rt2500usb since 2.26 (I think) - I've
> always stated that the out of kernel would be going away when it was stable
> enough for use, however at the moment, I don't have any cards with me (I'm at
> work) - so I can't test a fix.  Most of my cards that are rt2x00 based require
> WEP or open access points, which I don't currently have access to.  I do have
> one rt2x00 card that CAN do WPA, I have not had a chance to look into it
> though.  If you can find one near you, it is the
> http://en.wikipedia.org/wiki/Nintendo_Wi-Fi_USB_Connector .  You'd have to find
> it at a resell shop most likely.  To finish off the comment, I've always said
> that Security can fix any issue that creeps up without me getting upset.  Same
> in this case for any package I maintain.

Well, no worries if it's going to take a few more days, but if you find the in-kernel support to be as complete as the extra modules, they sure can be kicked out. 
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2009-07-12 17:50:45 UTC
GLSA 200907-08, this bug can be closed once they are gone.
Comment 10 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-09-04 02:14:30 UTC
all are gone
Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-04 16:30:40 UTC
Looks like we are finally done here. Closing.