239371 – (CVE-2008-4395) net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)

Bug 239371 (CVE-2008-4395) - net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)

Summary: net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395)

Status:	RESOLVED FIXED

Alias:	CVE-2008-4395

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	https://bugs.launchpad.net/ubuntu/+so...
Whiteboard:	B0? [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-10-02 20:27 UTC by Robert Buchholz (RETIRED)
Modified:	2009-01-11 00:48 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ndiswrapper-CVE-2008-4395.patch (ndiswrapper-CVE-2008-4395.patch,2.96 KB, patch) 2008-10-02 20:29 UTC, Robert Buchholz (RETIRED)	no flags	Details \| Diff
ndiswrapper-1.53.ebuild (ndiswrapper-1.53.ebuild,2.95 KB, text/plain) 2008-10-02 22:53 UTC, Piotr Jaroszyński (RETIRED)	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-10-02 20:27:08 UTC

** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Anders Kaseorg discovered that ndiswrapper did not correctly handle
long ESSIDs.  If ndiswrapper is in use, a physically near-by attacker
could generate specially crafted wireless network traffic and crash
the system, leading to a denial of service.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-10-02 20:28:26 UTC

Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-10-02 20:29:23 UTC

Created attachment 167023 [details, diff]
ndiswrapper-CVE-2008-4395.patch

Comment 3 Piotr Jaroszyński (RETIRED) gentoo-dev

2008-10-02 22:53:13 UTC

Created attachment 167029 [details]
ndiswrapper-1.53.ebuild

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2008-10-03 01:20:22 UTC

Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "x86"

CC'ing current Liaisons:
     x86 : maekke, armin76

Comment 5 Markus Meier gentoo-dev

2008-10-04 09:26:03 UTC

looks good on x86

Comment 6 Robert Buchholz (RETIRED) gentoo-dev

2008-10-24 10:42:57 UTC

This is now public via:
http://www.mail-archive.com/frugalware-git@frugalware.org/msg22366.html

Please commit to CVS with the stable keyword gathered in this bug.

Comment 7 Piotr Jaroszyński (RETIRED) gentoo-dev

2008-10-27 12:54:17 UTC

done

Comment 8 Christian Hoffmann (RETIRED) gentoo-dev

2008-10-27 14:00:40 UTC

Please don't close security bugs right after your part of the work is done, the security team's is not done necessarily. :)

Time for GLSA vote.

Comment 9 Christian Hoffmann (RETIRED) gentoo-dev

2008-11-06 13:58:08 UTC

Note that the Ubuntu advisory [1] talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this.

[1] http://www.ubuntu.com/usn/usn-662-1

Comment 10 Robert Buchholz (RETIRED) gentoo-dev

2008-11-06 16:33:40 UTC

CVE does so, too. Filed a request

Comment 11 Robert Buchholz (RETIRED) gentoo-dev

2009-01-11 00:48:29 UTC

GLSA 200901-01, sorry for delay.