Bug 239371 (CVE-2008-4395) - net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)
Summary: net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)
Alias: CVE-2008-4395
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B0? [glsa]
Reported: 2008-10-02 20:27 UTC by Robert Buchholz (RETIRED)
Modified: 2009-01-11 00:48 UTC


ndiswrapper-CVE-2008-4395.patch (ndiswrapper-CVE-2008-4395.patch,2.96 KB, patch)
2008-10-02 20:29 UTC, Robert Buchholz (RETIRED)
ndiswrapper-1.53.ebuild (ndiswrapper-1.53.ebuild,2.95 KB, text/plain)
2008-10-02 22:53 UTC, Piotr Jaroszyński (RETIRED)

Description Robert Buchholz (RETIRED) gentoo-dev 2008-10-02 20:27:08 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs.  If ndiswrapper is in use, a physically near-by attacker
could generate specially crafted wireless network traffic and crash
the system, leading to a denial of service.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-10-02 20:28:26 UTC
Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-10-02 20:29:23 UTC
Created attachment 167023 [details, diff]
Comment 3 Piotr Jaroszyński (RETIRED) gentoo-dev 2008-10-02 22:53:13 UTC
Created attachment 167029 [details]
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-10-03 01:20:22 UTC
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "x86"

CC'ing current Liaisons:
     x86 : maekke, armin76
Comment 5 Markus Meier gentoo-dev 2008-10-04 09:26:03 UTC
looks good on x86
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-10-24 10:42:57 UTC
This is now public via:

Please commit to CVS with the stable keyword gathered in this bug.
Comment 7 Piotr Jaroszyński (RETIRED) gentoo-dev 2008-10-27 12:54:17 UTC
Comment 8 Christian Hoffmann (RETIRED) gentoo-dev 2008-10-27 14:00:40 UTC
Please don't close security bugs right after your part of the work is done; the security team's is not necessarily done. :)

Time for GLSA vote.
Comment 9 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-06 13:58:08 UTC
Note that the Ubuntu advisory [1] talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this.

Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-11-06 16:33:40 UTC
CVE does so, too. Filed a request
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2009-01-11 00:48:29 UTC
GLSA 200901-01, sorry for delay.