From ${URL} : * Issue #1: Log file created with insecure (world-writable) permissions https://bugzilla.redhat.com/show_bug.cgi?id=911122 A security flaw was found in the way Trace module of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to set permissions when opening the log file (was created with world-readable / writable permissions). A local attacker could use this flaw to, in an unauthorized way, alter the content of WiMAX daemon log file (possibly leading to un-enforced actions to be performed by system administrator). * Issue #2: (OSAL crypt module): By setting encrypted password writes unencrypted passwords to log files https://bugzilla.redhat.com/show_bug.cgi?id=911121 A security flaw was found in the way OSAL crypt module of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to perform its internal encrypted password setting action (a failed attempt to set the encrypted password was logged into the WiMAX's log file with provided password logged in plaintext form). A local attacker could use this flaw to obtain sensitive information or conduct unauthorized actions on behalf of the user setting the encrypted password. * Issue #3: Supplicant agent ships RSA private key in the package https://bugzilla.redhat.com/show_bug.cgi?id=911126 A security flaw was found in the way supplicant agent of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to manage its private key (private key was shipped together with the source code). A local attacker could use this flaw to obtain security sensitive data or, to conduct actions on behalf of private key owner. * Issue #4: Three integer overflows, leading to heap-based buffer overflows when handling PDUs for L5 connections https://bugzilla.redhat.com/show_bug.cgi?id=911129 Three cases of integer overflow, leading to heap-based buffer overflow flaw, were found in the way socket dispatcher and connector modules for L5 connections of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to handle certain payload data units (PDUs) for L5 connections. A remote attacker could issue a connection request with specially-crafted PDU value that, when processed would lead to socket dispatcher / connector module crash or, potentially, arbitrary code execution with the privileges of the user running these modules. There are no patches for these issues yet. They were checked previously privately with Dan Williams and the suggestion was to file public bugs even when there are no patches available for these. @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
If I recall correctly, the oss-security discussion indicates upstream is long dead. PMASK here?
CVE-2013-4219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4219): Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c. CVE-2013-4218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4218): The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations. CVE-2013-4217 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4217): The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file. CVE-2013-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4216): The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file.
removed
Package was tree cleaned over a year ago.
Package has been removed from the tree for over a year. Closing.
