Summary: | net-wireless/wimax: Multiple vulnerabilities (CVE-2013-{4216,4217,4218,4219}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexxy |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/08/08/10 | ||
Whiteboard: | B2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 514918 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2013-08-09 12:47:23 UTC
If I recall correctly, the oss-security discussion indicates upstream is long dead. PMASK here? CVE-2013-4219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4219): Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c. CVE-2013-4218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4218): The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations. CVE-2013-4217 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4217): The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file. CVE-2013-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4216): The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file. removed Package was tree cleaned over a year ago. Package has been removed from the tree for over a year. Closing. |