Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200706-04
HistoryJun 11, 2007 - 12:00 a.m.

MadWifi: Multiple vulnerabilities

2007-06-1100:00:00
Gentoo Foundation
security.gentoo.org
11

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.8%

JSON

Background

The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards.

Description

Md Sohail Ahmad from AirTight Networks has discovered a divison by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions(CVE-207-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829).

Impact

An attacker could send specially crafted packets to a vulnerable host to exploit one of these vulnerabilities, possibly resulting in the execution of arbitrary code with root privileges, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All MadWifi users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-wireless/madwifi-ng< 0.9.3.1UNKNOWN

Related

securityvulns 2
openvas 6
nessus 4
ubuntu 1
prion 3
ubuntucve 3
cve 3
securityvulns
securityvulns
MadWifi multiple security vulnerabilities
2007-06-22 00:00:00
[ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities
2007-06-22 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200706-04 (madwifi-ng)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200706-04 (madwifi-ng)
2008-09-24 00:00:00
Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)
2009-04-09 00:00:00
nessus
nessus
GLSA-200706-04 : MadWifi: Multiple vulnerabilities
2007-06-12 00:00:00
Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:132)
2007-06-27 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)
2007-11-10 00:00:00
ubuntu
ubuntu
MadWifi vulnerabilities
2007-06-29 00:00:00
prion
prion
Code injection
2007-05-24 02:30:00
Null pointer dereference
2007-05-24 02:30:00
Design/Logic Flaw
2007-05-24 02:30:00
ubuntucve
ubuntucve
CVE-2007-2829
2007-05-24 00:00:00
CVE-2007-2831
2007-05-24 00:00:00
CVE-2007-2830
2007-05-24 00:00:00
cve
cve
CVE-2007-2829
2007-05-24 02:30:00
CVE-2007-2831
2007-05-24 02:30:00
CVE-2007-2830
2007-05-24 02:30:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.8%

JSON
Related for GLSA-200706-04
securityvulns2openvas6nessus4ubuntu1prion3ubuntucve3cve3