Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities
Date: Mon, 11 Jun 2007 21:45:23
Message-Id: 20070611213129.GD16939@falco.falcal.net
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200706-04
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: MadWifi: Multiple vulnerabilities
9 Date: June 11, 2007
10 Bugs: #179532
11 ID: 200706-04
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been discovered in MadWifi, possibly
19 allowing for the execution of arbitrary code or a Denial of Service.
20
21 Background
22 ==========
23
24 The MadWifi driver provides support for Atheros based IEEE 802.11
25 Wireless Lan cards.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 net-wireless/madwifi-ng < 0.9.3.1 >= 0.9.3.1
34
35 Description
36 ===========
37
38 Md Sohail Ahmad from AirTight Networks has discovered a divison by zero
39 in the ath_beacon_config() function (CVE-2007-2830). The vendor has
40 corrected an input validation error in the
41 ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams()
42 functions(CVE-207-2831), and an input sanitization error when parsing
43 nested 802.3 Ethernet frame lengths (CVE-2007-2829).
44
45 Impact
46 ======
47
48 An attacker could send specially crafted packets to a vulnerable host
49 to exploit one of these vulnerabilities, possibly resulting in the
50 execution of arbitrary code with root privileges, or a Denial of
51 Service.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All MadWifi users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.1"
65
66 References
67 ==========
68
69 [ 1 ] CVE-2007-2829
70 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2829
71 [ 2 ] CVE-2007-2830
72 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2830
73 [ 3 ] CVE-2007-2831
74 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2831
75
76 Availability
77 ============
78
79 This GLSA and any updates to it are available for viewing at
80 the Gentoo Security Website:
81
82 http://security.gentoo.org/glsa/glsa-200706-04.xml
83
84 Concerns?
85 =========
86
87 Security is a primary focus of Gentoo Linux and ensuring the
88 confidentiality and security of our users machines is of utmost
89 importance to us. Any security concerns should be addressed to
90 security@g.o or alternatively, you may file a bug at
91 http://bugs.gentoo.org.
92
93 License
94 =======
95
96 Copyright 2007 Gentoo Foundation, Inc; referenced text
97 belongs to its owner(s).
98
99 The contents of this document are licensed under the
100 Creative Commons - Attribution / Share Alike license.
101
102 http://creativecommons.org/licenses/by-sa/2.5