Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 480362 (CVE-2013-4216) - net-wireless/wimax: Multiple vulnerabilities (CVE-2013-{4216,4217,4218,4219})
Summary: net-wireless/wimax: Multiple vulnerabilities (CVE-2013-{4216,4217,4218,4219})
Status: RESOLVED FIXED
Alias: CVE-2013-4216
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [noglsa]
Keywords:
Depends on: 514918
Blocks:
  Show dependency tree
 
Reported: 2013-08-09 12:47 UTC by Agostino Sarubbo
Modified: 2016-06-30 11:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-08-09 12:47:23 UTC
From ${URL} :

* Issue #1: Log file created with insecure (world-writable) permissions
  https://bugzilla.redhat.com/show_bug.cgi?id=911122

  A security flaw was found in the way Trace module of WiMAX, an user space
  daemon for the Intel 2400m Wireless WiMAX link, used to set permissions
  when opening the log file (was created with world-readable / writable
  permissions). A local attacker could use this flaw to, in an unauthorized
  way, alter the content of WiMAX daemon log file (possibly leading to un-enforced
  actions to be performed by system administrator).

* Issue #2: (OSAL crypt module): By setting encrypted password writes unencrypted passwords to log files
  https://bugzilla.redhat.com/show_bug.cgi?id=911121

  A security flaw was found in the way OSAL crypt module of WiMAX, an user
  space daemon for the Intel 2400m Wireless WiMAX link, used to perform
  its internal encrypted password setting action (a failed attempt to set
  the encrypted password was logged into the WiMAX's log file with provided
  password logged in plaintext form). A local attacker could use this flaw
  to obtain sensitive information or conduct unauthorized actions on behalf
  of the user setting the encrypted password.

* Issue #3: Supplicant agent ships RSA private key in the package
  https://bugzilla.redhat.com/show_bug.cgi?id=911126

  A security flaw was found in the way supplicant agent of WiMAX,
  an user space daemon for the Intel 2400m Wireless WiMAX link, used to
  manage its private key (private key was shipped together with the source
  code). A local attacker could use this flaw to obtain security sensitive
  data or, to conduct actions on behalf of private key owner.

* Issue #4:  Three integer overflows, leading to heap-based buffer overflows when handling PDUs for L5 connections
  https://bugzilla.redhat.com/show_bug.cgi?id=911129

  Three cases of integer overflow, leading to heap-based buffer overflow flaw,
  were found in the way socket dispatcher and connector modules for L5
  connections of WiMAX, an user space daemon for the Intel 2400m Wireless
  WiMAX link, used to handle certain payload data units (PDUs) for L5
  connections. A remote attacker could issue a connection request with
  specially-crafted PDU value that, when processed would lead to socket
  dispatcher / connector module crash or, potentially, arbitrary code
  execution with the privileges of the user running these modules.

There are no patches for these issues yet. They were checked previously
privately with Dan Williams and the suggestion was to file public bugs
even when there are no patches available for these.



@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-16 13:44:34 UTC
If I recall correctly, the oss-security discussion indicates upstream is long dead. PMASK here?
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 02:31:26 UTC
CVE-2013-4219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4219):
  Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2
  for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to
  cause a denial of service (component crash) or possibly execute arbitrary
  code via an L5 connection with a crafted PDU value that triggers a
  heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2)
  L5Connector.c.

CVE-2013-4218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4218):
  The InitMethodAndPassword function in
  InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in
  the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX
  Connection 2400 devices uses the same RSA private key in supplicant_key.pem
  on all systems, which allows local users to obtain sensitive information via
  unspecified decryption operations.

CVE-2013-4217 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4217):
  The OSAL_Crypt_SetEncryptedPassword function in
  InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in
  the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for
  Intel Wireless WiMAX Connection 2400 devices logs a cleartext password
  during certain attempts to set a password, which allows local users to
  obtain sensitive information by reading a log file.

CVE-2013-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4216):
  The Trace_OpenLogFile function in
  InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in
  the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel
  Wireless WiMAX Connection 2400 devices uses world-writable permissions for
  wimaxd.log, which allows local users to cause a denial of service (data
  corruption) by modifying this file.
Comment 3 Pacho Ramos gentoo-dev 2015-02-03 14:56:27 UTC
removed
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-21 13:09:40 UTC
Package was tree cleaned over a year ago.
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-30 11:16:55 UTC
Package has been removed from the tree for over a year.  Closing.