7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.775 High
EPSS
Percentile
98.2%
A buffer overflow vulnerability exists in the Madwifi wireless driver. If successfully exploited, an attacker may be able to execute arbitrary code, or cause a denial-of-service condition.
The Madwifi driver is a Linux kernel device driver for Atheros-based 802.11 a/b/g compatible wireless LAN adapters. Linux distributions may include the Madwifi driver in their default installation, or as an optional package. Commercial access points and networking equipment may also use the Madwifi driver.
A buffer overflow vulnerability has been discovered in the Madwifi driver. This overflow occurs because the driver does not properly process the information element part of probe response management frames. An attacker within radio range may be able to trigger the overflow by sending a specially-crafted 802.11 management frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted or authenticated, using wireless encryption (WEP/WPA) does not mitigate this vulnerability.
This vulnerability, and the patch, are documented in Madwifi’s Changeset 1842:
A remote, unauthenticated attacker within 802.11 radio range may be able to execute arbitrary code with kernel privileges, or cause a denial-of-service condition.
Upgrade
The madwifi team has released an upgrade that addresses this issue. Users who do not compile their kernel from source should see the systems affected portion of this document for information about specific vendors.
Note that third party software repositories may also contain vulnerable versions of the Madwifi driver.
925529
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 08, 2006 Updated: December 11, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.gentoo.org/security/en/glsa/glsa-200612-09.xml> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23925529 Feedback>).
Updated: December 08, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 16, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.novell.com/linux/security/advisories/2006_74_madwifi.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23925529 Feedback>).
Notified: December 08, 2006 Updated: December 11, 2006
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 11, 2006
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 11, 2006
Not Affected
Openwall GNU/*/Linux is not vulnerable. We do not provide the Madwifi wireless driver.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 11, 2006
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: December 08, 2006 Updated: December 08, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 23 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to the Madwifi Team for providing information about this vulnerability.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-6332 |
---|---|
Severity Metric: | 3.37 Date Public: |