Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:132)
2007-06-27T00:00:00
ID MANDRAKE_MDKSA-2007-132.NASL Type nessus Reporter This script is Copyright (C) 2007-2021 Tenable Network Security, Inc. Modified 2007-06-27T00:00:00
Description
The 802.11 network stack in MadWifi prior to 0.9.3.1 would allow
remote attackers to cause a denial of service (system hang) via a
crafted length field in nested 802.3 Ethernet frames in Fast Frame
packets, which results in a NULL pointer dereference (CVE-2007-2829).
The ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow
a remote attacker to cause a denial of service (system crash) via
crafted beacon interval information when scanning for access points,
which triggered a divide-by-zero error (CVE-2007-2830).
An array index error in MadWifi prior to 0.9.3.1 would allow a local
user to cause a denial of service (system crash) and possibly obtain
kernel memory contents, as well as possibly allowing for the execution
of arbitrary code via a large negative array index value
(CVE-2007-2831).
The packages have been updated to 0.9.3.1 to correct these issues.
Wpa_supplicant is built using madwifi-source and has been rebuilt
using 0.9.3.1 source.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2007:132.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when `description` is set, only the metadata calls in this
# block run, and the exit(0) at the end of the block stops the script before
# any host check is reached.
if (description)
{
script_id(25598);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# One plugin covers all three MadWifi issues fixed by the advisory.
script_cve_id("CVE-2007-2829", "CVE-2007-2830", "CVE-2007-2831");
script_xref(name:"MDKSA", value:"2007:132");
script_name(english:"Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:132)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
# NOTE(review): per the file header, this text is extracted from the vendor
# advisory; it carries the advisory's misspellings ("alloa", "kerenl") and is
# passed to the scanner exactly as written here.
script_set_attribute(
attribute:"description",
value:
"The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa
remote attackers to cause a denial of service (system hang) via a
crafted length field in nested 802.3 Ethernet frames in Fast Frame
packets, which results in a NULL pointer dereference (CVE-2007-2829).
The ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow
a remote attacker to cause a denial of service (system crash) via
crafted beacon interval information when scanning for access points,
which triggered a divide-by-zero error (CVE-2007-2830).
An array index error in MadWifi prior to 0.9.3.1 would allow a local
user to cause a denial of service (system crash) and possibly obtain
kerenl memory contents, as well as possibly allowing for the execution
of arbitrary code via a large negative array index value
(CVE-2007-2831).
Updated packages have been updated to 0.9.3.1 to correct these issues.
Wpa_supplicant is built using madwifi-source and has been rebuilt
using 0.9.3.1 source."
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected madwifi-source, wpa_gui and / or wpa_supplicant
packages."
);
# A single worst-case CVSS v2 vector is attached to the whole advisory.
# Triage note: the description above limits the two remotely triggerable
# issues (CVE-2007-2829, CVE-2007-2830) to denial of service, and attributes
# the memory-disclosure / code-execution impact (CVE-2007-2831) to a local
# user, so a finding rated from this vector is not a remote code execution
# claim for every listed CVE.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# CWE-119 fits the array index error; the NULL pointer dereference and the
# divide-by-zero get no CWE of their own in this plugin.
script_cwe_id(119);
# "local": the verdict comes from package data gathered on the host (see the
# required KB keys below), not from probing the wireless driver.
script_set_attribute(attribute:"plugin_type", value:"local");
# p-cpe entries name the three packages compared by the check; the cpe:/o
# entries name the two Mandriva releases it covers.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wpa_gui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wpa_supplicant");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
script_set_attribute(attribute:"patch_publication_date", value:"2007/06/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
# Depends on ssh_get_info.nasl and on the KB keys below; presumably that
# dependency is what fills in the release, CPU and rpm-list keys over an
# authenticated session -- confirm against ssh_get_info.nasl.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
# End of the registration pass; nothing below this block runs in it.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
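# Host check for MDKSA-2007:132. It compares the host's recorded package list
# against the fixed package versions and reports the host when any installed
# package is flagged.
#
# Preconditions: each guard hands off to audit() (from audit.inc, not shown).
# The later statements assume audit() ends the script -- confirm in audit.inc.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The OS name was misspelled "Mandake" in this audit message; it now matches
# the spelling used by the architecture guard below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 / x86_64 hosts are evaluated; any other architecture is audited out
# as "not implemented", which is not a clean result for that host.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# flag counts the packages that rpm_check() (from rpm.inc, not shown) reports.
# Presumably a package is reported when the installed version is older than
# `reference` for the matching `release` -- confirm in rpm.inc.
#
# NOTE(review): madwifi-source is a driver *source* package. A fixed version of
# it does not by itself show that the kernel module in use was rebuilt from the
# 0.9.3.1 source; verify the loaded module separately when a host passes.
flag = 0;

# Mandriva Linux 2007.0 fixed builds.
if (rpm_check(release:"MDK2007.0", reference:"madwifi-source-0.9.3.1-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"wpa_gui-0.5.5-2.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"wpa_supplicant-0.5.5-2.2mdv2007.0", yank:"mdv")) flag++;

# Mandriva Linux 2007.1 fixed builds.
if (rpm_check(release:"MDK2007.1", reference:"madwifi-source-0.9.3.1-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"wpa_gui-0.5.7-1.2mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"wpa_supplicant-0.5.7-1.2mdv2007.1", yank:"mdv")) flag++;

if (flag)
{
  # With verbose reporting, attach the package detail from rpm_report_get();
  # otherwise report the finding without extra text.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");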
{"id": "MANDRAKE_MDKSA-2007-132.NASL", "bulletinFamily": "scanner", "title": "Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:132)", "description": "The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa\nremote attackers to cause a denial of service (system hang) via a\ncrafted length field in nested 802.3 Ethernet frames in Fast Frame\npackets, which results in a NULL pointer dereference (CVE-2007-2829).\n\nThe ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow\na remote attacker to cause a denial of service (system crash) via\ncrafted beacon interval information when scanning for access points,\nwhich triggered a divide-by-zero error (CVE-2007-2830).\n\nAn array index error in MadWifi prior to 0.9.3.1 would allow a local\nuser to cause a denial of service (system crash) and possibly obtain\nkerenl memory contents, as well as possibly allowing for the execution\nof arbitrary code via a large negative array index value\n(CVE-2007-2831).\n\nUpdated packages have been updated to 0.9.3.1 to correct these issues.\nWpa_supplicant is built using madwifi-source and has been rebuilt\nusing 0.9.3.1 source.", "published": "2007-06-27T00:00:00", "modified": "2007-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/25598", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830"], "type": "nessus", "lastseen": "2021-01-07T11:51:44", "edition": 24, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2829", "CVE-2007-2831", "CVE-2007-2830"]}, {"type": "gentoo", "idList": ["GLSA-200706-04"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830107", "OPENVAS:840081", "OPENVAS:58307", "OPENVAS:830107"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7840", "SECURITYVULNS:DOC:17323"]}, {"type": 
"nessus", "idList": ["GENTOO_GLSA-200706-04.NASL", "UBUNTU_USN-479-1.NASL", "SUSE_MADWIFI-3897.NASL"]}, {"type": "ubuntu", "idList": ["USN-479-1"]}, {"type": "osvdb", "idList": ["OSVDB:36636", "OSVDB:36637", "OSVDB:36635"]}], "modified": "2021-01-07T11:51:44", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-01-07T11:51:44", "rev": 2}, "vulnersScore": 7.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:132. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25598);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_xref(name:\"MDKSA\", value:\"2007:132\");\n\n script_name(english:\"Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa\nremote attackers to cause a denial of service (system hang) via a\ncrafted length field in nested 802.3 Ethernet frames in Fast Frame\npackets, which results in a NULL pointer dereference (CVE-2007-2829).\n\nThe ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow\na remote attacker to cause a denial of service (system crash) via\ncrafted beacon interval information when scanning for access points,\nwhich triggered a divide-by-zero error (CVE-2007-2830).\n\nAn array index error in MadWifi prior to 0.9.3.1 would allow a local\nuser 
to cause a denial of service (system crash) and possibly obtain\nkerenl memory contents, as well as possibly allowing for the execution\nof arbitrary code via a large negative array index value\n(CVE-2007-2831).\n\nUpdated packages have been updated to 0.9.3.1 to correct these issues.\nWpa_supplicant is built using madwifi-source and has been rebuilt\nusing 0.9.3.1 source.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected madwifi-source, wpa_gui and / or wpa_supplicant\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wpa_gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif 
(!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"madwifi-source-0.9.3.1-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wpa_gui-0.5.5-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wpa_supplicant-0.5.5-2.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"madwifi-source-0.9.3.1-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wpa_gui-0.5.7-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wpa_supplicant-0.5.7-1.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "25598", "cpe": ["cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:wpa_supplicant", "p-cpe:/a:mandriva:linux:madwifi-source", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:wpa_gui"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:26:06", "description": "Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.", "edition": 5, "cvss3": {}, "published": "2007-05-24T02:30:00", "title": "CVE-2007-2831", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2831"], "modified": "2018-10-16T16:45:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.1", "cpe:/a:madwifi:madwifi:0.9.3", "cpe:/a:madwifi:madwifi:0.9.0", "cpe:/a:madwifi:madwifi:0.9.2.1", "cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2007-2831", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2831", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:06", "description": "The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a 
NULL pointer dereference.", "edition": 5, "cvss3": {}, "published": "2007-05-24T02:30:00", "title": "CVE-2007-2829", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2829"], "modified": "2018-10-16T16:45:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.1", "cpe:/a:madwifi:madwifi:0.9.3", "cpe:/a:madwifi:madwifi:0.9.0", "cpe:/a:madwifi:madwifi:0.9.2.1", "cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2007-2829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2829", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:06", "description": "The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.", "edition": 5, "cvss3": {}, "published": "2007-05-24T02:30:00", "title": "CVE-2007-2830", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2830"], "modified": "2018-10-16T16:45:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.1", "cpe:/a:madwifi:madwifi:0.9.3", "cpe:/a:madwifi:madwifi:0.9.0", "cpe:/a:madwifi:madwifi:0.9.2.1", "cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2007-2830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2830", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830"], "description": "### Background\n\nThe MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. \n\n### Description\n\nMd Sohail Ahmad from AirTight Networks has discovered a divison by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions(CVE-207-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829). \n\n### Impact\n\nAn attacker could send specially crafted packets to a vulnerable host to exploit one of these vulnerabilities, possibly resulting in the execution of arbitrary code with root privileges, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll MadWifi users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-wireless/madwifi-ng-0.9.3.1\"", "edition": 1, "modified": "2007-06-11T00:00:00", "published": "2007-06-11T00:00:00", "id": "GLSA-200706-04", "href": "https://security.gentoo.org/glsa/200706-04", "type": "gentoo", "title": "MadWifi: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200706-04.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58307", "href": "http://plugins.openvas.org/nasl.php?oid=58307", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200706-04 (madwifi-ng)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in MadWifi, possibly allowing\nfor the execution of arbitrary code or a Denial of Service.\";\ntag_solution = \"All MadWifi users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.3.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200706-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=179532\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200706-04.\";\n\n \n\nif(description)\n{\n script_id(58307);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200706-04 (madwifi-ng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-wireless/madwifi-ng\", unaffected: make_list(\"ge 0.9.3.1\"), vulnerable: make_list(\"lt 0.9.3.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2831", "CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-2830"], "description": "Check for the Version of madwifi-source", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830107", "type": "openvas", "title": "Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa remote\n attackers to cause a denial of service (system hang) via a crafted\n length field in nested 802.3 Ethernet frames in Fast Frame packets,\n which results in a NULL pointer dereference (CVE-2007-2829).\n\n The ath_beacon_config function in MadWifi prior to 0.9.3.1 would\n allow a remote attacker to cause a denial of service (system crash)\n via crafted beacon interval information when scanning for access\n points, which triggered a divide-by-zero error (CVE-2007-2830).\n \n An array index error in MadWifi prior to 0.9.3.1 would allow a\n local user to cause a denial of service (system crash) and possibly\n obtain kerenl memory contents, as well as possibly allowing for the\n execution of arbitrary code via a large negative array index value\n (CVE-2007-2831).\n \n Updated packages have been updated to 0.9.3.1 to correct these\n issues. 
Wpa_supplicant is built using madwifi-source and has been\n rebuilt using 0.9.3.1 source.\";\n\ntag_affected = \"madwifi-source on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-06/msg00034.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830107\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:132\");\n script_cve_id(\"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\", \"CVE-2006-2830\", \"CVE-2006-2831\");\n script_name( \"Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of madwifi-source\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.7~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.7~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3.1~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2831", "CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-2830"], "description": "Check for the Version of madwifi-source", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830107", "href": "http://plugins.openvas.org/nasl.php?oid=830107", "type": "openvas", "title": "Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa remote\n attackers to cause a denial of service (system hang) via a crafted\n length field in nested 802.3 Ethernet frames in Fast Frame packets,\n which results in a NULL pointer dereference (CVE-2007-2829).\n\n The ath_beacon_config function in MadWifi prior to 0.9.3.1 would\n allow a remote attacker to cause a denial of service (system crash)\n via crafted beacon interval information when scanning for access\n points, which triggered a divide-by-zero error (CVE-2007-2830).\n \n An array index error in MadWifi prior to 0.9.3.1 would allow a\n local user to cause a denial of service (system crash) and possibly\n obtain kerenl memory contents, as well as possibly allowing for the\n execution of arbitrary code via a large negative array index value\n (CVE-2007-2831).\n \n Updated packages have been updated to 0.9.3.1 to correct these\n issues. 
Wpa_supplicant is built using madwifi-source and has been\n rebuilt using 0.9.3.1 source.\";\n\ntag_affected = \"madwifi-source on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-06/msg00034.php\");\n script_id(830107);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:132\");\n script_cve_id(\"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\", \"CVE-2006-2830\", \"CVE-2006-2831\");\n script_name( \"Mandriva Update for madwifi-source MDKSA-2007:132 (madwifi-source)\");\n\n script_summary(\"Check for the Version of madwifi-source\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"madwifi-source\", 
rpm:\"madwifi-source~0.9.3.1~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.7~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.7~1.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3.1~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.5~2.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-479-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840081", "href": "http://plugins.openvas.org/nasl.php?oid=840081", "type": "openvas", "title": "Ubuntu Update for linux-restricted-modules-2.6.15/.17/.20 vulnerabilities USN-479-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_479_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for 
linux-restricted-modules-2.6.15/.17/.20 vulnerabilities USN-479-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple flaws in the MadWifi driver were discovered that could lead\n to a system crash. A physically near-by attacker could generate\n specially crafted wireless network traffic and cause a denial of\n service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,\n CVE-2007-2830)\n\n A flaw was discovered in the MadWifi driver that would allow unencrypted\n network traffic to be sent prior to finishing WPA authentication.\n A physically near-by attacker could capture this, leading to a loss of\n privacy, denial of service, or network spoofing. (CVE-2006-7180)\n \n A flaw was discovered in the MadWifi driver's ioctl handling. A local\n attacker could read kernel memory, or crash the system, leading to a\n denial of service. 
(CVE-2007-2831)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-479-1\";\ntag_affected = \"linux-restricted-modules-2.6.15/.17/.20 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-479-1/\");\n script_id(840081);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"479-1\");\n script_cve_id(\"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_name( \"Ubuntu Update for linux-restricted-modules-2.6.15/.17/.20 vulnerabilities USN-479-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.20-16_3.11+2.6.20.5-16.29\", 
rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.20-16-386_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.20-16-generic_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.20-16-lowlatency_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.9631+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7184+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7184+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-new-dev\", ver:\"1.0.9755+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-new\", ver:\"1.0.9755+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx\", 
ver:\"1.0.9631+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.9631+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7184+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-new-kernel-source\", ver:\"1.0.9755+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-player-kernel-modules\", ver:\"2.6.20-16_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-server-kernel-modules\", ver:\"2.6.20-16_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-tools-kernel-modules\", ver:\"2.6.20-16_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.1.0-8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.1.0-8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.15-28_3.11+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.15-28-386_2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.15-28-686_2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.15-28-k7_2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.8776+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7174+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7174+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx\", ver:\"1.0.8776+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.8776+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7174+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.0.0-8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.0.0-8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.17-11_3.11+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.17-11-386_2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.17-11-generic_2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.8776+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7184+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7184+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx\", ver:\"1.0.8776+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.8776+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7184+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-player-kernel-modules\", ver:\"2.6.17-11_2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.1.0-8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.1.0-8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830"], "description": "DoS on different frames parsing, local array index overflow.", "edition": 1, "modified": "2007-06-22T00:00:00", "published": "2007-06-22T00:00:00", "id": "SECURITYVULNS:VULN:7840", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7840", "title": "MadWifi multiple 
security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2006-2831", "CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-2830"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2007:132\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : madwifi-source\r\n Date : June 21, 2007\r\n Affected: 2007.0, 2007.1\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa remote\r\n attackers to cause a denial of service (system hang) via a crafted\r\n length field in nested 802.3 Ethernet frames in Fast Frame packets,\r\n which results in a NULL pointer dereference (CVE-2007-2829).\r\n \r\n The ath_beacon_config function in MadWifi prior to 0.9.3.1 would\r\n allow a remote attacker to cause a denial of service (system crash)\r\n via crafted beacon interval information when scanning for access\r\n points, which triggered a divide-by-zero error (CVE-2007-2830).\r\n \r\n An array index error in MadWifi prior to 0.9.3.1 would allow a\r\n local user to cause a denial of service (system crash) and possibly\r\n obtain kerenl memory contents, as well as possibly allowing for the\r\n execution of arbitrary code via a large negative array index value\r\n (CVE-2007-2831).\r\n \r\n Updated packages have been updated to 0.9.3.1 to correct these\r\n issues. 
Wpa_supplicant is built using madwifi-source and has been\r\n rebuilt using 0.9.3.1 source.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2829\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2830\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2831\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2007.0:\r\n 12348dbfba8628bfa7594209190591eb 2007.0/i586/madwifi-source-0.9.3.1-1.1mdv2007.0.noarch.rpm\r\n 69f23c96b9e5419bb9add4553b875cce 2007.0/i586/wpa_gui-0.5.5-2.2mdv2007.0.i586.rpm\r\n d09b5b0e4f5fdf4fc4db948dbffea169 2007.0/i586/wpa_supplicant-0.5.5-2.2mdv2007.0.i586.rpm \r\n cbcd53386bcfebff8d220b27059e6b69 2007.0/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.0.src.rpm\r\n 59139f14e119e5c205df03a02771f070 2007.0/SRPMS/wpa_supplicant-0.5.5-2.2mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.0/X86_64:\r\n 12348dbfba8628bfa7594209190591eb 2007.0/x86_64/madwifi-source-0.9.3.1-1.1mdv2007.0.noarch.rpm\r\n f17c658cae2dcfe6b3e97607584a2f2a 2007.0/x86_64/wpa_gui-0.5.5-2.2mdv2007.0.x86_64.rpm\r\n 71d9dc132a98d7113013e7a49459211d 2007.0/x86_64/wpa_supplicant-0.5.5-2.2mdv2007.0.x86_64.rpm \r\n cbcd53386bcfebff8d220b27059e6b69 2007.0/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.0.src.rpm\r\n 59139f14e119e5c205df03a02771f070 2007.0/SRPMS/wpa_supplicant-0.5.5-2.2mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.1:\r\n 1b51de79156fce38f5a8d1310632e2a4 2007.1/i586/madwifi-source-0.9.3.1-1.1mdv2007.1.noarch.rpm\r\n 32a18c21ab8217e4a076e9a2070b9c9b 2007.1/i586/wpa_gui-0.5.7-1.2mdv2007.1.i586.rpm\r\n b11c90cf4a982d3651cc5485198dd4d1 2007.1/i586/wpa_supplicant-0.5.7-1.2mdv2007.1.i586.rpm \r\n e7d7710a93440902d0ccd7b90ea6e939 2007.1/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.1.src.rpm\r\n 866afdd304a0bf415823a5db06b95066 2007.1/SRPMS/wpa_supplicant-0.5.7-1.2mdv2007.1.src.rpm\r\n\r\n Mandriva 
Linux 2007.1/X86_64:\r\n 1b51de79156fce38f5a8d1310632e2a4 2007.1/x86_64/madwifi-source-0.9.3.1-1.1mdv2007.1.noarch.rpm\r\n 4ad0a1957ce6d6cf9a3608f6d1dacb31 2007.1/x86_64/wpa_gui-0.5.7-1.2mdv2007.1.x86_64.rpm\r\n 04cb9776f30939ee111f4c6004da311a 2007.1/x86_64/wpa_supplicant-0.5.7-1.2mdv2007.1.x86_64.rpm \r\n e7d7710a93440902d0ccd7b90ea6e939 2007.1/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.1.src.rpm\r\n 866afdd304a0bf415823a5db06b95066 2007.1/SRPMS/wpa_supplicant-0.5.7-1.2mdv2007.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (GNU/Linux)\r\n\r\niD8DBQFGeqEAmqjQ0CJFipgRAiUyAKCjNba+Ry7Xy+M/Ny8a91n6Crs72wCgk5i+\r\nu+bHITE9fMYKWTw0EDsgDB4=\r\n=c4ce\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2007-06-22T00:00:00", "published": "2007-06-22T00:00:00", "id": "SECURITYVULNS:DOC:17323", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17323", "title": "[ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": 
"2021-01-07T10:52:13", "description": "The remote host is affected by the vulnerability described in GLSA-200706-04\n(MadWifi: Multiple vulnerabilities)\n\n Md Sohail Ahmad from AirTight Networks has discovered a divison by zero\n in the ath_beacon_config() function (CVE-2007-2830). The vendor has\n corrected an input validation error in the\n ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams()\n functions(CVE-2007-2831), and an input sanitization error when parsing\n nested 802.3 Ethernet frame lengths (CVE-2007-2829).\n \nImpact :\n\n An attacker could send specially crafted packets to a vulnerable host\n to exploit one of these vulnerabilities, possibly resulting in the\n execution of arbitrary code with root privileges, or a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-06-12T00:00:00", "title": "GLSA-200706-04 : MadWifi: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2007-2829", "CVE-2007-2830"], "modified": "2007-06-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:madwifi-ng"], "id": "GENTOO_GLSA-200706-04.NASL", "href": "https://www.tenable.com/plugins/nessus/25474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200706-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25474);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_xref(name:\"GLSA\", value:\"200706-04\");\n\n script_name(english:\"GLSA-200706-04 : MadWifi: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200706-04\n(MadWifi: Multiple vulnerabilities)\n\n Md Sohail Ahmad from AirTight Networks has discovered a division by zero\n in the ath_beacon_config() function (CVE-2007-2830). 
The vendor has\n corrected an input validation error in the\n ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams()\n functions(CVE-2007-2831), and an input sanitization error when parsing\n nested 802.3 Ethernet frame lengths (CVE-2007-2829).\n \nImpact :\n\n An attacker could send specially crafted packets to a vulnerable host\n to exploit one of these vulnerabilities, possibly resulting in the\n execution of arbitrary code with root privileges, or a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200706-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MadWifi users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.3.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:madwifi-ng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-wireless/madwifi-ng\", unaffected:make_list(\"ge 0.9.3.1\"), vulnerable:make_list(\"lt 0.9.3.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MadWifi\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:00", "description": "Multiple flaws in the MadWifi driver were discovered that could lead\nto a system crash. A physically near-by attacker could generate\nspecially crafted wireless network traffic and cause a denial of\nservice. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,\nCVE-2007-2830)\n\nA flaw was discovered in the MadWifi driver that would allow\nunencrypted network traffic to be sent prior to finishing WPA\nauthentication. A physically near-by attacker could capture this,\nleading to a loss of privacy, denial of service, or network spoofing.\n(CVE-2006-7180)\n\nA flaw was discovered in the MadWifi driver's ioctl handling. A local\nattacker could read kernel memory, or crash the system, leading to a\ndenial of service. (CVE-2007-2831).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nvidia-glx", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common", "p-cpe:/a:canonical:ubuntu_linux:fglrx-control", "p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.20-16", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.17-11", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx", "p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy", "p-cpe:/a:canonical:ubuntu_linux:vmware-server-kernel-modules-2.6.20-16", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.20-16", "p-cpe:/a:canonical:ubuntu_linux:vmware-tools-kernel-modules-2.6.20-16", 
"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev", "p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-28", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.17-11"], "id": "UBUNTU_USN-479-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-479-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28080);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_xref(name:\"USN\", value:\"479-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws in the MadWifi driver were discovered that could lead\nto a system crash. A physically near-by attacker could generate\nspecially crafted wireless network traffic and cause a denial of\nservice. 
(CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,\nCVE-2007-2830)\n\nA flaw was discovered in the MadWifi driver that would allow\nunencrypted network traffic to be sent prior to finishing WPA\nauthentication. A physically near-by attacker could capture this,\nleading to a loss of privacy, denial of service, or network spoofing.\n(CVE-2006-7180)\n\nA flaw was discovered in the MadWifi driver's ioctl handling. A local\nattacker could read kernel memory, or crash the system, leading to a\ndenial of service. (CVE-2007-2831).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/479-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.17-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-control\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.17-11\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-server-kernel-modules-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-tools-kernel-modules-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2021 Canonical, Inc. / NASL script (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-479-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-firmware-2.6.15-28\", pkgver:\"3.11+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-control\", pkgver:\"8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-386\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-686\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-amd64-generic\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-amd64-k8\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-amd64-xeon\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx\", pkgver:\"1.0.8776+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.8776+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7174+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7174+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.8776+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7174+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.0.0-8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.0.0-8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"avm-fritz-firmware-2.6.17-11\", pkgver:\"3.11+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"fglrx-control\", pkgver:\"8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"linux-restricted-modules-2.6.17-11-386\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"linux-restricted-modules-2.6.17-11-generic\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx\", pkgver:\"1.0.8776+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.8776+2.6.17.8-11.2\")) flag++;\nif 
(ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7184+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7184+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.8776+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7184+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vmware-player-kernel-modules-2.6.17-11\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.1.0-8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.1.0-8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"avm-fritz-firmware-2.6.20-16\", pkgver:\"3.11+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"fglrx-control\", pkgver:\"8.34.8+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.34.8+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-2.6.20-16-386\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-2.6.20-16-generic\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-2.6.20-16-lowlatency\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx\", pkgver:\"1.0.9631+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.9631+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", 
pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7184+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7184+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-new\", pkgver:\"1.0.9755+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-new-dev\", pkgver:\"1.0.9755+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.9631+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7184+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-new-kernel-source\", pkgver:\"1.0.9755+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vmware-player-kernel-modules-2.6.20-16\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vmware-server-kernel-modules-2.6.20-16\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vmware-tools-kernel-modules-2.6.20-16\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.1.0-8.34.8+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.1.0-8.34.8+2.6.20.5-16.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avm-fritz-firmware-2.6.15-28 / avm-fritz-firmware-2.6.17-11 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:34", "description": "The madwifi driver and userland packages were updated to 0.9.3.1.\nPlease note that while the RPM version still says '0.9.3', the content\nis the 0.9.3.1 version.\n\nThis 
update fixes the following security problems :\n\n - The 802.11 network stack in net80211/ieee80211_input.c\n in MadWifi before 0.9.3.1 allows remote attackers to\n cause a denial of service (system hang) via a crafted\n length field in nested 802.3 Ethernet frames in Fast\n Frame packets, which results in a NULL pointer\n dereference. (CVE-2007-2829)\n\n - The ath_beacon_config function in if_ath.c in MadWifi\n before 0.9.3.1 allows remote attackers to cause a denial\n of service (system crash) via crafted beacon interval\n information when scanning for access points, which\n triggers a divide-by-zero error. (CVE-2007-2830)\n\n - Array index error in the (1)\n ieee80211_ioctl_getwmmparams and (2)\n ieee80211_ioctl_setwmmparams functions in\n net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1\n allows local users to cause a denial of service (system\n crash), possibly obtain kernel memory contents, and\n possibly execute arbitrary code via a large negative\n array index value. (CVE-2007-2831)\n\n'remote attackers' are attackers within range of the WiFi reception of\nthe card.\n\nPlease note that the problems fixed in 0.9.3 were fixed by the madwifi\nversion upgrade to 0.9.3 in SLE10 Service Pack 1. 
(CVE-2005-4835 /\nCVE-2006-7177 / CVE-2006-7178 / CVE-2006-7179 / CVE-2006-7180).", "edition": 24, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MADWIFI-3897.NASL", "href": "https://www.tenable.com/plugins/nessus/29517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29517);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-4835\", \"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n\n script_name(english:\"SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The madwifi driver and userland packages were updated to 0.9.3.1.\nPlease note that while the RPM version still says '0.9.3', the content\nis the 0.9.3.1 version.\n\nThis updates fixes following security problems :\n\n - The 802.11 network stack in net80211/ieee80211_input.c\n in MadWifi before 0.9.3.1 allows remote attackers to\n cause a denial of service (system hang) via a crafted\n length field in nested 802.3 Ethernet frames in Fast\n Frame packets, which results in a NULL pointer\n dereference. 
(CVE-2007-2829)\n\n - The ath_beacon_config function in if_ath.c in MadWifi\n before 0.9.3.1 allows remote attackers to cause a denial\n of service (system crash) via crafted beacon interval\n information when scanning for access points, which\n triggers a divide-by-zero error. (CVE-2007-2830)\n\n - Array index error in the (1)\n ieee80211_ioctl_getwmmparams and (2)\n ieee80211_ioctl_setwmmparams functions in\n net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1\n allows local users to cause a denial of service (system\n crash), possibly obtain kernel memory contents, and\n possibly execute arbitrary code via a large negative\n array index value. (CVE-2007-2831)\n\n'remote attackers' are attackers within range of the WiFi reception of\nthe card.\n\nPlease note that the problems fixed in 0.9.3 were fixed by the madwifi\nVersion upgrade to 0.9.3 in SLE10 Service Pack 1. (CVE-2005-4835 /\nCVE-2006-7177 / CVE-2006-7178 / CVE-2006-7179 / CVE-2006-7180).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-4835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2831.html\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3897.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"madwifi-0.9.3-6.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"madwifi-kmp-default-0.9.3_2.6.16.46_0.16-6.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"madwifi-kmp-smp-0.9.3_2.6.16.46_0.16-6.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"madwifi-kmp-bigsmp-0.9.3_2.6.16.46_0.16-6.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:41:58", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "description": "Multiple flaws in the MadWifi driver were discovered that could lead \nto a system crash. A physically near-by attacker could generate \nspecially crafted wireless network traffic and cause a denial of \nservice. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, \nCVE-2007-2830)\n\nA flaw was discovered in the MadWifi driver that would allow unencrypted \nnetwork traffic to be sent prior to finishing WPA authentication. \nA physically near-by attacker could capture this, leading to a loss of \nprivacy, denial of service, or network spoofing. (CVE-2006-7180)\n\nA flaw was discovered in the MadWifi driver's ioctl handling. A local \nattacker could read kernel memory, or crash the system, leading to a \ndenial of service. (CVE-2007-2831)", "edition": 6, "modified": "2007-06-29T00:00:00", "published": "2007-06-29T00:00:00", "id": "USN-479-1", "href": "https://ubuntu.com/security/notices/USN-479-1", "title": "MadWifi vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2829"], "description": "## Solution Description\nUpgrade to version 0.9.3.1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Security\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/1335\n[Secunia Advisory ID:25339](https://secuniaresearch.flexerasoftware.com/advisories/25339/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:25763](https://secuniaresearch.flexerasoftware.com/advisories/25763/)\n[Secunia Advisory ID:25622](https://secuniaresearch.flexerasoftware.com/advisories/25622/)\n[Secunia Advisory ID:25861](https://secuniaresearch.flexerasoftware.com/advisories/25861/)\n[Related OSVDB ID: 36636](https://vulners.com/osvdb/OSVDB:36636)\n[Related OSVDB ID: 36637](https://vulners.com/osvdb/OSVDB:36637)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200706-04.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:132\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://madwifi.org/wiki/Releases/0.9.3.1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-479-1\nISS X-Force ID: 34455\nFrSIRT Advisory: ADV-2007-1919\n[CVE-2007-2829](https://vulners.com/cve/CVE-2007-2829)\nBugtraq ID: 24114\n", "edition": 1, "modified": "2007-05-23T11:18:49", "published": "2007-05-23T11:18:49", "href": "https://vulners.com/osvdb/OSVDB:36635", "id": "OSVDB:36635", "title": "MadWifi net80211/ieee80211_input.c 802.3 Ethernet Frame Handling Remote DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2831"], "description": "## Solution Description\nUpgrade to version 0.9.3.1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/1334\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Security\n[Secunia Advisory ID:25339](https://secuniaresearch.flexerasoftware.com/advisories/25339/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:25763](https://secuniaresearch.flexerasoftware.com/advisories/25763/)\n[Secunia Advisory ID:25622](https://secuniaresearch.flexerasoftware.com/advisories/25622/)\n[Secunia Advisory ID:25861](https://secuniaresearch.flexerasoftware.com/advisories/25861/)\n[Related OSVDB ID: 36636](https://vulners.com/osvdb/OSVDB:36636)\n[Related OSVDB ID: 36635](https://vulners.com/osvdb/OSVDB:36635)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200706-04.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:132\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://madwifi.org/wiki/Releases/0.9.3.1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-479-1\nISS X-Force ID: 34453\nFrSIRT Advisory: ADV-2007-1919\n[CVE-2007-2831](https://vulners.com/cve/CVE-2007-2831)\nBugtraq ID: 24114\n", "edition": 1, "modified": "2007-05-23T11:18:49", "published": "2007-05-23T11:18:49", "href": "https://vulners.com/osvdb/OSVDB:36637", "id": "OSVDB:36637", "title": "MadWifi net80211/ieee80211_wireless.c Multiple Functions Array Index Error", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2830"], "description": "## Solution Description\nUpgrade to version 0.9.3.1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Security\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/1270\n[Secunia Advisory ID:25339](https://secuniaresearch.flexerasoftware.com/advisories/25339/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:25763](https://secuniaresearch.flexerasoftware.com/advisories/25763/)\n[Secunia Advisory ID:25622](https://secuniaresearch.flexerasoftware.com/advisories/25622/)\n[Secunia Advisory ID:25861](https://secuniaresearch.flexerasoftware.com/advisories/25861/)\n[Related OSVDB ID: 36635](https://vulners.com/osvdb/OSVDB:36635)\n[Related OSVDB ID: 36637](https://vulners.com/osvdb/OSVDB:36637)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200706-04.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:132\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://madwifi.org/wiki/Releases/0.9.3.1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-479-1\nISS X-Force ID: 34451\nFrSIRT Advisory: ADV-2007-1919\n[CVE-2007-2830](https://vulners.com/cve/CVE-2007-2830)\nBugtraq ID: 24114\n", "edition": 1, "modified": "2007-05-23T11:18:49", "published": "2007-05-23T11:18:49", "href": "https://vulners.com/osvdb/OSVDB:36636", "id": "OSVDB:36636", "title": "MadWifi if_ath.c ath_beacon_config Function Remote DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}