Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)
2009-04-09T00:00:00
ID OPENVAS:830060 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-06T00:00:00
Description
Check for the Version of madwifi-source
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Loaded before the metadata section.
# NOTE(review): nothing in the visible script calls a function that obviously
# comes from this file -- confirm whether pkg-lib-rpm.inc relies on it before
# treating the include as dead.
include("revisions-lib.inc");
# Background text registered further down as the "insight" tag. It describes
# the five CVEs passed to script_cve_id(): denial-of-service conditions
# (CVE-2005-4835, CVE-2006-7177, CVE-2006-7178, CVE-2006-7179) and the
# unencrypted-traffic-before-WPA-authentication issue (CVE-2006-7180).
# The last paragraph is why wpa_supplicant packages are checked as well:
# they were rebuilt against the 0.9.3 madwifi source.
tag_insight = "The ath_rate_sample function in the ath_rate/sample/sample.c sample
code in MadWifi before 0.9.3 allows remote attackers to cause a denial
of service (failed KASSERT and system crash) by moving a connected
system to a location with low signal strength, and possibly other
vectors related to a race condition between interface enabling and
packet transmission. (CVE-2005-4835)
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause
a denial of service (system crash) via unspecified vectors that lead
to a kernel panic in the ieee80211_input function, related to packets
coming from a malicious WinXP system. (CVE-2006-7177)
MadWifi before 0.9.3 does not properly handle reception of an AUTH
frame by an IBSS node, which allows remote attackers to cause a denial
of service (system crash) via a certain AUTH frame. (CVE-2006-7178)
ieee80211_input.c in MadWifi before 0.9.3 does not properly process
Channel Switch Announcement Information Elements (CSA IEs), which
allows remote attackers to cause a denial of service (loss of
communication) via a Channel Switch Count less than or equal to one,
triggering a channel change. (CVE-2006-7179)
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets
before WPA authentication succeeds, which allows remote attackers
to obtain sensitive information (related to network structure),
and possibly cause a denial of service (disrupted authentication)
and conduct spoofing attacks. (CVE-2006-7180)
Updated packages have been updated to 0.9.3 to correct this
issue. Wpa_supplicant is built using madwifi-source and has been
rebuilt using 0.9.3 source.";
# Text for the "affected" tag. It lists both i586 and X86_64 variants, but the
# check logic below branches on the release string only (MNDK_2007.0 /
# MNDK_2007.1), not on architecture.
tag_affected = "madwifi-source on Mandriva Linux 2007.0,
Mandriva Linux 2007.0/X86_64,
Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64";
# Text for the "solution" tag. It names no versions; the fixed package
# versions are encoded only in the isrpmvuln() calls of the check logic.
tag_solution = "Please Install the Updated Packages.";
# Metadata section: this branch runs when the scanner evaluates the script
# with `description` set, registers the plugin's identity and tags, and then
# exits so that none of the package checks below execute in that pass.
if(description)
{
# Vendor advisory this check was generated from.
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2007-04/msg00017.php");
# Legacy numeric plugin ID. The later revision of this check quoted in the
# page's related-plugin data registers
# script_oid("1.3.6.1.4.1.25623.1.0.830060") instead.
script_id(830060);
script_version("$Revision: 6568 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)");
# CVSS v2 base score and vector applied to the whole advisory.
# NOTE(review): the vector rates availability impact only (C:N/I:N/A:C),
# while the insight text for CVE-2006-7180 also describes information
# disclosure and spoofing -- do not read the score as "DoS only" when triaging.
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_xref(name: "MDKSA", value: "2007:082");
script_cve_id("CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7179", "CVE-2006-7180");
script_name( "Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)");
# The later revision quoted on this page passes the same text through
# script_tag(name:"summary", ...) instead of script_summary().
script_summary("Check for the Version of madwifi-source");
# Registered as an information-gathering script; the visible logic only reads
# a knowledge-base item and compares installed package versions.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
# Declares that gather-package-list.nasl must run first and that both KB keys
# must be present. The key names suggest they are filled from an SSH login to
# the target (presumably by that dependency -- confirm), so an
# unauthenticated scan yields no result from this check.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
# "package" quality-of-detection: the verdict rests on installed RPM versions.
# The visible logic never checks whether the madwifi driver is loaded or a
# wireless interface exists, so a finding means "outdated package present",
# not "reachable over the air".
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
# RPM comparison helpers; isrpmvuln() used below is presumably defined here.
include("pkg-lib-rpm.inc");

# Holds the report text returned by the most recent package comparison.
res = "";

# Release identifier stored in the knowledge base for this target.
release = get_kb_item("ssh/login/release");

# Without a release string there is nothing to compare against. The script
# ends with exit(0) and produces neither a finding nor a "not vulnerable"
# verdict, so the absence of a result here must not be read as "patched".
if (release == NULL)
  exit(0);
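# Mandriva Linux 2007.1: compare the installed madwifi-source, wpa_gui and
# wpa_supplicant packages against the fixed versions from MDKSA-2007:082.
# wpa_gui / wpa_supplicant are included because, per the insight text, they
# were rebuilt against the 0.9.3 madwifi source.
#
# isrpmvuln() comes from pkg-lib-rpm.inc (not shown); presumably it returns
# report text when the installed package is older than the given version and
# NULL otherwise -- confirm against the library.
if(release == "MNDK_2007.1")
{
  # Collect the result of every package comparison instead of stopping at the
  # first hit, so one scan lists all outdated packages that need updating.
  report = "";

  if ((res = isrpmvuln(pkg:"madwifi-source", rpm:"madwifi-source~0.9.3~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"wpa_gui", rpm:"wpa_gui~0.5.7~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"wpa_supplicant", rpm:"wpa_supplicant~0.5.7~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
  {
    report += res;
  }

  # One finding for the host, carrying every outdated package found above.
  if (report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is not set in this script; presumably isrpmvuln() sets it when
  # one of the named packages is installed at all. Exit code 99 then records
  # an explicit "not vulnerable" verdict.
  if (__pkg_match) exit(99); # Not vulnerable.

  # None of the packages is installed: no verdict either way.
  exit(0);
}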
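# Mandriva Linux 2007.0: compare the installed madwifi-source, wpa_gui and
# wpa_supplicant packages against the fixed versions from MDKSA-2007:082.
# The wpa_* fixed versions differ from the 2007.1 branch (0.5.5-2.1 here).
#
# isrpmvuln() comes from pkg-lib-rpm.inc (not shown); presumably it returns
# report text when the installed package is older than the given version and
# NULL otherwise -- confirm against the library.
#
# A release string other than MNDK_2007.0 / MNDK_2007.1 matches neither
# branch, and the script ends without any verdict for that host.
if(release == "MNDK_2007.0")
{
  # Collect the result of every package comparison instead of stopping at the
  # first hit, so one scan lists all outdated packages that need updating.
  report = "";

  if ((res = isrpmvuln(pkg:"madwifi-source", rpm:"madwifi-source~0.9.3~1.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"wpa_gui", rpm:"wpa_gui~0.5.5~2.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"wpa_supplicant", rpm:"wpa_supplicant~0.5.5~2.1mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    report += res;
  }

  # One finding for the host, carrying every outdated package found above.
  if (report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is not set in this script; presumably isrpmvuln() sets it when
  # one of the named packages is installed at all. Exit code 99 then records
  # an explicit "not vulnerable" verdict.
  if (__pkg_match) exit(99); # Not vulnerable.

  # None of the packages is installed: no verdict either way.
  exit(0);
}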
{"id": "OPENVAS:830060", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)", "description": "Check for the Version of madwifi-source", "published": "2009-04-09T00:00:00", "modified": "2017-07-06T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830060", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2007:082", "http://lists.mandriva.com/security-announce/2007-04/msg00017.php"], "cvelist": ["CVE-2006-7179", "CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "lastseen": "2017-07-24T12:56:22", "viewCount": 0, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2017-07-24T12:56:22", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310830060", "OPENVAS:840081", "OPENVAS:58221"]}, {"type": "cve", "idList": ["CVE-2005-4835", "CVE-2006-7178", "CVE-2006-7180", "CVE-2006-7177", "CVE-2006-7179"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2007-082.NASL", "GENTOO_GLSA-200704-15.NASL", "UBUNTU_USN-479-1.NASL", "SUSE_MADWIFI-3897.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200704-15"]}, {"type": "ubuntu", "idList": ["USN-479-1"]}, {"type": "osvdb", "idList": ["OSVDB:34644", "OSVDB:34643", "OSVDB:34645", "OSVDB:34646"]}], "modified": "2017-07-24T12:56:22", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "830060", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), 
as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ath_rate_sample function in the ath_rate/sample/sample.c sample\n code in MadWifi before 0.9.3 allows remote attackers to cause a denial\n of service (failed KASSERT and system crash) by moving a connected\n system to a location with low signal strength, and possibly other\n vectors related to a race condition between interface enabling and\n packet transmission. (CVE-2005-4835)\n\n MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause\n a denial of service (system crash) via unspecified vectors that lead\n to a kernel panic in the ieee80211_input function, related to packets\n coming from a malicious WinXP system. (CVE-2006-7177)\n \n MadWifi before 0.9.3 does not properly handle reception of an AUTH\n frame by an IBSS node, which allows remote attackers to cause a denial\n of service (system crash) via a certain AUTH frame. (CVE-2006-7178)\n \n ieee80211_input.c in MadWifi before 0.9.3 does not properly process\n Channel Switch Announcement Information Elements (CSA IEs), which\n allows remote attackers to cause a denial of service (loss of\n communication) via a Channel Switch Count less than or equal to one,\n triggering a channel change. 
(CVE-2006-7179)\n \n ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets\n before WPA authentication succeeds, which allows remote attackers\n to obtain sensitive information (related to network structure),\n and possibly cause a denial of service (disrupted authentication)\n and conduct spoofing attacks. (CVE-2006-7180)\n \n Updated packages have been updated to 0.9.3 to correct this\n issue. Wpa_supplicant is built using madwifi-source and has been\n rebuilt using 0.9.3 source.\";\n\ntag_affected = \"madwifi-source on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00017.php\");\n script_id(830060);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:082\");\n script_cve_id(\"CVE-2005-4835\", \"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\");\n script_name( \"Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)\");\n\n script_summary(\"Check for the Version of madwifi-source\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.7~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.7~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.5~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.5~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"openvas": [{"lastseen": "2018-04-09T11:39:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7179", "CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "description": "Check for the Version of madwifi-source", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830060", "type": "openvas", "title": "Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ath_rate_sample function in the ath_rate/sample/sample.c sample\n code in MadWifi before 0.9.3 allows remote attackers to cause a denial\n of service (failed KASSERT and system crash) by moving a connected\n system to a location with low signal strength, and possibly other\n vectors related to a race condition between interface enabling and\n packet transmission. (CVE-2005-4835)\n\n MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause\n a denial of service (system crash) via unspecified vectors that lead\n to a kernel panic in the ieee80211_input function, related to packets\n coming from a malicious WinXP system. (CVE-2006-7177)\n \n MadWifi before 0.9.3 does not properly handle reception of an AUTH\n frame by an IBSS node, which allows remote attackers to cause a denial\n of service (system crash) via a certain AUTH frame. (CVE-2006-7178)\n \n ieee80211_input.c in MadWifi before 0.9.3 does not properly process\n Channel Switch Announcement Information Elements (CSA IEs), which\n allows remote attackers to cause a denial of service (loss of\n communication) via a Channel Switch Count less than or equal to one,\n triggering a channel change. (CVE-2006-7179)\n \n ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets\n before WPA authentication succeeds, which allows remote attackers\n to obtain sensitive information (related to network structure),\n and possibly cause a denial of service (disrupted authentication)\n and conduct spoofing attacks. (CVE-2006-7180)\n \n Updated packages have been updated to 0.9.3 to correct this\n issue. 
Wpa_supplicant is built using madwifi-source and has been\n rebuilt using 0.9.3 source.\";\n\ntag_affected = \"madwifi-source on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00017.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830060\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:082\");\n script_cve_id(\"CVE-2005-4835\", \"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\");\n script_name( \"Mandriva Update for madwifi-source MDKSA-2007:082 (madwifi-source)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of madwifi-source\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.7~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.7~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"madwifi-source\", rpm:\"madwifi-source~0.9.3~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_gui\", rpm:\"wpa_gui~0.5.5~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wpa_supplicant\", rpm:\"wpa_supplicant~0.5.5~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7179", "CVE-2006-7178", "CVE-2006-7180"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200704-15.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58221", "href": "http://plugins.openvas.org/nasl.php?oid=58221", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200704-15 (Madwifi-ng)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in the MadWifi driver,\npossibly leading to a Denial of Service and information disclosure.\";\ntag_solution = \"All MadWifi users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200704-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=173434\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200704-15.\";\n\n \n\nif(description)\n{\n script_id(58221);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200704-15 (Madwifi-ng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-wireless/madwifi-ng\", unaffected: make_list(\"ge 0.9.3\"), vulnerable: make_list(\"lt 0.9.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-479-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840081", "href": "http://plugins.openvas.org/nasl.php?oid=840081", "type": "openvas", "title": "Ubuntu Update for linux-restricted-modules-2.6.15/.17/.20 vulnerabilities USN-479-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_479_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for linux-restricted-modules-2.6.15/.17/.20 vulnerabilities USN-479-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program 
is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple flaws in the MadWifi driver were discovered that could lead\n to a system crash. A physically near-by attacker could generate\n specially crafted wireless network traffic and cause a denial of\n service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,\n CVE-2007-2830)\n\n A flaw was discovered in the MadWifi driver that would allow unencrypted\n network traffic to be sent prior to finishing WPA authentication.\n A physically near-by attacker could capture this, leading to a loss of\n privacy, denial of service, or network spoofing. (CVE-2006-7180)\n \n A flaw was discovered in the MadWifi driver's ioctl handling. A local\n attacker could read kernel memory, or crash the system, leading to a\n denial of service. 
(CVE-2007-2831)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-479-1\";\ntag_affected = \"linux-restricted-modules-2.6.15/.17/.20 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-479-1/\");\n script_id(840081);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"479-1\");\n script_cve_id(\"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_name( \"Ubuntu Update for linux-restricted-modules-2.6.15/.17/.20 vulnerabilities USN-479-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.20-16_3.11+2.6.20.5-16.29\", 
rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.20-16-386_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.20-16-generic_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.20-16-lowlatency_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.9631+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7184+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7184+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-new-dev\", ver:\"1.0.9755+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-new\", ver:\"1.0.9755+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx\", 
ver:\"1.0.9631+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.9631+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7184+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-new-kernel-source\", ver:\"1.0.9755+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-player-kernel-modules\", ver:\"2.6.20-16_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-server-kernel-modules\", ver:\"2.6.20-16_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-tools-kernel-modules\", ver:\"2.6.20-16_2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.1.0-8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.1.0-8.34.8+2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.20.5-16.29\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.15-28_3.11+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.15-28-386_2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.15-28-686_2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.15-28-k7_2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.8776+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7174+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7174+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx\", ver:\"1.0.8776+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.8776+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7174+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.0.0-8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.0.0-8.25.18+2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.15.12-28.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-firmware\", ver:\"2.6.17-11_3.11+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"avm-fritz-kernel-source\", ver:\"3.11+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-control\", ver:\"8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fglrx-kernel-source\", ver:\"8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.17-11-386_2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules\", ver:\"2.6.17-11-generic_2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-dev\", ver:\"1.0.8776+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy-dev\", ver:\"1.0.7184+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx-legacy\", ver:\"1.0.7184+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-glx\", ver:\"1.0.8776+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-kernel-source\", ver:\"1.0.8776+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nvidia-legacy-kernel-source\", ver:\"1.0.7184+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"vmware-player-kernel-modules\", ver:\"2.6.17-11_2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx-dev\", ver:\"7.1.0-8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xorg-driver-fglrx\", ver:\"7.1.0-8.28.8+2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-restricted-modules-common\", ver:\"2.6.17.8-11.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:43", "description": "The ath_rate_sample function in the ath_rate/sample/sample.c sample\ncode in MadWifi before 0.9.3 allows remote attackers to cause a denial\nof service (failed KASSERT and system crash) by moving a connected\nsystem to a location with low signal strength, and possibly other\nvectors related to a race condition between interface enabling and\npacket transmission. 
(CVE-2005-4835)\n\nMadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a\ndenial of service (system crash) via unspecified vectors that lead to\na kernel panic in the ieee80211_input function, related to packets\ncoming from a malicious WinXP system. (CVE-2006-7177)\n\nMadWifi before 0.9.3 does not properly handle reception of an AUTH\nframe by an IBSS node, which allows remote attackers to cause a denial\nof service (system crash) via a certain AUTH frame. (CVE-2006-7178)\n\nieee80211_input.c in MadWifi before 0.9.3 does not properly process\nChannel Switch Announcement Information Elements (CSA IEs), which\nallows remote attackers to cause a denial of service (loss of\ncommunication) via a Channel Switch Count less than or equal to one,\ntriggering a channel change. (CVE-2006-7179)\n\nieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets\nbefore WPA authentication succeeds, which allows remote attackers to\nobtain sensitive information (related to network structure), and\npossibly cause a denial of service (disrupted authentication) and\nconduct spoofing attacks. 
(CVE-2006-7180)\n\nUpdated packages have been updated to 0.9.3 to correct this issue.\nWpa_supplicant is built using madwifi-source and has been rebuilt\nusing 0.9.3 source.", "edition": 24, "published": "2007-04-12T00:00:00", "title": "Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:082)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7179", "CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "modified": "2007-04-12T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:wpa_supplicant", "p-cpe:/a:mandriva:linux:madwifi-source", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:wpa_gui"], "id": "MANDRAKE_MDKSA-2007-082.NASL", "href": "https://www.tenable.com/plugins/nessus/25033", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:082. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25033);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4835\", \"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\");\n script_xref(name:\"MDKSA\", value:\"2007:082\");\n\n script_name(english:\"Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:082)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ath_rate_sample function in the ath_rate/sample/sample.c sample\ncode in MadWifi before 0.9.3 allows remote attackers to cause a denial\nof service (failed KASSERT and system crash) by 
moving a connected\nsystem to a location with low signal strength, and possibly other\nvectors related to a race condition between interface enabling and\npacket transmission. (CVE-2005-4835)\n\nMadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a\ndenial of service (system crash) via unspecified vectors that lead to\na kernel panic in the ieee80211_input function, related to packets\ncoming from a malicious WinXP system. (CVE-2006-7177)\n\nMadWifi before 0.9.3 does not properly handle reception of an AUTH\nframe by an IBSS node, which allows remote attackers to cause a denial\nof service (system crash) via a certain AUTH frame. (CVE-2006-7178)\n\nieee80211_input.c in MadWifi before 0.9.3 does not properly process\nChannel Switch Announcement Information Elements (CSA IEs), which\nallows remote attackers to cause a denial of service (loss of\ncommunication) via a Channel Switch Count less than or equal to one,\ntriggering a channel change. (CVE-2006-7179)\n\nieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets\nbefore WPA authentication succeeds, which allows remote attackers to\nobtain sensitive information (related to network structure), and\npossibly cause a denial of service (disrupted authentication) and\nconduct spoofing attacks. 
(CVE-2006-7180)\n\nUpdated packages have been updated to 0.9.3 to correct this issue.\nWpa_supplicant is built using madwifi-source and has been rebuilt\nusing 0.9.3 source.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected madwifi-source, wpa_gui and / or wpa_supplicant\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wpa_gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wpa_supplicant\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"madwifi-source-0.9.3-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wpa_gui-0.5.5-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"wpa_supplicant-0.5.5-2.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"madwifi-source-0.9.3-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wpa_gui-0.5.7-1.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"wpa_supplicant-0.5.7-1.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:52:12", "description": "The remote host is affected by the vulnerability described in GLSA-200704-15\n(MadWifi: Multiple vulnerabilities)\n\n The driver does not properly process Channel Switch Announcement\n Information Elements, allowing for an abnormal channel change. The\n ieee80211_input() function does not properly handle AUTH frames and the\n driver sends unencrypted packets before WPA authentication succeeds.\n \nImpact :\n\n A remote attacker could send specially crafted AUTH frames to the\n vulnerable host, resulting in a Denial of Service by crashing the\n kernel. A remote attacker could gain access to sensitive information\n about network architecture by sniffing unencrypted packets. 
A remote\n attacker could also send a Channel Switch Count less than or equal to\n one to trigger a channel change, resulting in a communication loss and\n a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-04-19T00:00:00", "title": "GLSA-200704-15 : MadWifi: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-7179", "CVE-2006-7178", "CVE-2006-7180"], "modified": "2007-04-19T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:madwifi-ng"], "id": "GENTOO_GLSA-200704-15.NASL", "href": "https://www.tenable.com/plugins/nessus/25060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200704-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25060);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\");\n script_xref(name:\"GLSA\", value:\"200704-15\");\n\n script_name(english:\"GLSA-200704-15 : MadWifi: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200704-15\n(MadWifi: Multiple vulnerabilities)\n\n The driver does not properly process Channel Switch Announcement\n Information Elements, allowing for an abnormal channel change. The\n ieee80211_input() function does not properly handle AUTH frames and the\n driver sends unencrypted packets before WPA authentication succeeds.\n \nImpact :\n\n A remote attacker could send specially crafted AUTH frames to the\n vulnerable host, resulting in a Denial of Service by crashing the\n kernel. A remote attacker could gain access to sensitive information\n about network architecture by sniffing unencrypted packets. 
A remote\n attacker could also send a Channel Switch Count less than or equal to\n one to trigger a channel change, resulting in a communication loss and\n a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200704-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MadWifi users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:madwifi-ng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-wireless/madwifi-ng\", unaffected:make_list(\"ge 0.9.3\"), vulnerable:make_list(\"lt 
0.9.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MadWifi\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:46:34", "description": "The madwifi driver and userland packages were updated to 0.9.3.1.\nPlease note that while the RPM version still says '0.9.3', the content\nis the 0.9.3.1 version.\n\nThis updates fixes following security problems :\n\n - The 802.11 network stack in net80211/ieee80211_input.c\n in MadWifi before 0.9.3.1 allows remote attackers to\n cause a denial of service (system hang) via a crafted\n length field in nested 802.3 Ethernet frames in Fast\n Frame packets, which results in a NULL pointer\n dereference. (CVE-2007-2829)\n\n - The ath_beacon_config function in if_ath.c in MadWifi\n before 0.9.3.1 allows remote attackers to cause a denial\n of service (system crash) via crafted beacon interval\n information when scanning for access points, which\n triggers a divide-by-zero error. (CVE-2007-2830)\n\n - Array index error in the (1)\n ieee80211_ioctl_getwmmparams and (2)\n ieee80211_ioctl_setwmmparams functions in\n net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1\n allows local users to cause a denial of service (system\n crash), possibly obtain kernel memory contents, and\n possibly execute arbitrary code via a large negative\n array index value. (CVE-2007-2831)\n\n'remote attackers' are attackers within range of the WiFi reception of\nthe card.\n\nPlease note that the problems fixed in 0.9.3 were fixed by the madwifi\nVersion upgrade to 0.9.3 in SLE10 Service Pack 1. 
(CVE-2005-4835 /\nCVE-2006-7177 / CVE-2006-7178 / CVE-2006-7179 / CVE-2006-7180).", "edition": 24, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MADWIFI-3897.NASL", "href": "https://www.tenable.com/plugins/nessus/29517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29517);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-4835\", \"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n\n script_name(english:\"SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The madwifi driver and userland packages were updated to 0.9.3.1.\nPlease note that while the RPM version still says '0.9.3', the content\nis the 0.9.3.1 version.\n\nThis updates fixes following security problems :\n\n - The 802.11 network stack in net80211/ieee80211_input.c\n in MadWifi before 0.9.3.1 allows remote attackers to\n cause a denial of service (system hang) via a crafted\n length field in nested 802.3 Ethernet frames in Fast\n Frame packets, which results in a NULL pointer\n dereference. 
(CVE-2007-2829)\n\n - The ath_beacon_config function in if_ath.c in MadWifi\n before 0.9.3.1 allows remote attackers to cause a denial\n of service (system crash) via crafted beacon interval\n information when scanning for access points, which\n triggers a divide-by-zero error. (CVE-2007-2830)\n\n - Array index error in the (1)\n ieee80211_ioctl_getwmmparams and (2)\n ieee80211_ioctl_setwmmparams functions in\n net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1\n allows local users to cause a denial of service (system\n crash), possibly obtain kernel memory contents, and\n possibly execute arbitrary code via a large negative\n array index value. (CVE-2007-2831)\n\n'remote attackers' are attackers within range of the WiFi reception of\nthe card.\n\nPlease note that the problems fixed in 0.9.3 were fixed by the madwifi\nVersion upgrade to 0.9.3 in SLE10 Service Pack 1. (CVE-2005-4835 /\nCVE-2006-7177 / CVE-2006-7178 / CVE-2006-7179 / CVE-2006-7180).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-4835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2831.html\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3897.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"madwifi-0.9.3-6.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"madwifi-kmp-default-0.9.3_2.6.16.46_0.16-6.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"madwifi-kmp-smp-0.9.3_2.6.16.46_0.16-6.11\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"madwifi-kmp-bigsmp-0.9.3_2.6.16.46_0.16-6.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:00", "description": "Multiple flaws in the MadWifi driver were discovered that could lead\nto a system crash. A physically near-by attacker could generate\nspecially crafted wireless network traffic and cause a denial of\nservice. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,\nCVE-2007-2830)\n\nA flaw was discovered in the MadWifi driver that would allow\nunencrypted network traffic to be sent prior to finishing WPA\nauthentication. A physically near-by attacker could capture this,\nleading to a loss of privacy, denial of service, or network spoofing.\n(CVE-2006-7180)\n\nA flaw was discovered in the MadWifi driver's ioctl handling. A local\nattacker could read kernel memory, or crash the system, leading to a\ndenial of service. (CVE-2007-2831).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nvidia-glx", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common", "p-cpe:/a:canonical:ubuntu_linux:fglrx-control", "p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.20-16", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.17-11", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx", "p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy", "p-cpe:/a:canonical:ubuntu_linux:vmware-server-kernel-modules-2.6.20-16", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.20-16", "p-cpe:/a:canonical:ubuntu_linux:vmware-tools-kernel-modules-2.6.20-16", 
"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev", "p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev", "p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-28", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.17-11"], "id": "UBUNTU_USN-479-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-479-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28080);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n script_xref(name:\"USN\", value:\"479-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws in the MadWifi driver were discovered that could lead\nto a system crash. A physically near-by attacker could generate\nspecially crafted wireless network traffic and cause a denial of\nservice. 
(CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,\nCVE-2007-2830)\n\nA flaw was discovered in the MadWifi driver that would allow\nunencrypted network traffic to be sent prior to finishing WPA\nauthentication. A physically near-by attacker could capture this,\nleading to a loss of privacy, denial of service, or network spoofing.\n(CVE-2006-7180)\n\nA flaw was discovered in the MadWifi driver's ioctl handling. A local\nattacker could read kernel memory, or crash the system, leading to a\ndenial of service. (CVE-2007-2831).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/479-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.17-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-control\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.17-11\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-server-kernel-modules-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vmware-tools-kernel-modules-2.6.20-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2021 Canonical, Inc. / NASL script (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2006-7177\", \"CVE-2006-7178\", \"CVE-2006-7179\", \"CVE-2006-7180\", \"CVE-2007-2829\", \"CVE-2007-2830\", \"CVE-2007-2831\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-479-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-firmware-2.6.15-28\", pkgver:\"3.11+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-control\", pkgver:\"8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-386\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-686\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-amd64-generic\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-amd64-k8\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-28-amd64-xeon\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx\", pkgver:\"1.0.8776+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.8776+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7174+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7174+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.8776+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7174+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.0.0-8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.0.0-8.25.18+2.6.15.12-28.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"avm-fritz-firmware-2.6.17-11\", pkgver:\"3.11+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"fglrx-control\", pkgver:\"8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"linux-restricted-modules-2.6.17-11-386\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"linux-restricted-modules-2.6.17-11-generic\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx\", pkgver:\"1.0.8776+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.8776+2.6.17.8-11.2\")) flag++;\nif 
(ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7184+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7184+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.8776+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7184+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"vmware-player-kernel-modules-2.6.17-11\", pkgver:\"2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.1.0-8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.1.0-8.28.8+2.6.17.8-11.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"avm-fritz-firmware-2.6.20-16\", pkgver:\"3.11+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"3.11+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"fglrx-control\", pkgver:\"8.34.8+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"fglrx-kernel-source\", pkgver:\"8.34.8+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-2.6.20-16-386\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-2.6.20-16-generic\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-2.6.20-16-lowlatency\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx\", pkgver:\"1.0.9631+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-dev\", pkgver:\"1.0.9631+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", 
pkgname:\"nvidia-glx-legacy\", pkgver:\"1.0.7184+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"1.0.7184+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-new\", pkgver:\"1.0.9755+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-glx-new-dev\", pkgver:\"1.0.9755+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.9631+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7184+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"nvidia-new-kernel-source\", pkgver:\"1.0.9755+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vmware-player-kernel-modules-2.6.20-16\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vmware-server-kernel-modules-2.6.20-16\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"vmware-tools-kernel-modules-2.6.20-16\", pkgver:\"2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"xorg-driver-fglrx\", pkgver:\"7.1.0-8.34.8+2.6.20.5-16.29\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"7.1.0-8.34.8+2.6.20.5-16.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avm-fritz-firmware-2.6.15-28 / avm-fritz-firmware-2.6.17-11 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:23:51", "description": "ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a 
denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.", "edition": 5, "cvss3": {}, "published": "2007-03-30T01:19:00", "title": "CVE-2006-7179", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7179"], "modified": "2018-10-16T16:29:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.2.1", "cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2006-7179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7179", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:23:51", "description": "MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.", "edition": 5, "cvss3": {}, "published": "2007-03-30T01:19:00", "title": "CVE-2006-7178", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7178"], "modified": "2018-10-16T16:29:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.2.1", "cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2006-7178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7178", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:23:51", "description": "ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.", "edition": 5, "cvss3": {}, "published": "2007-03-30T01:19:00", "title": "CVE-2006-7180", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7180"], "modified": "2018-10-16T16:29:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2006-7180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:20", "description": "MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the 
ieee80211_input function, related to \"packets coming from a 'malicious' WinXP system.\"", "edition": 3, "cvss3": {}, "published": "2007-03-30T01:19:00", "title": "CVE-2006-7177", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7177"], "modified": "2018-10-16T16:29:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2006-7177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7177", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:58", "description": "The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.", "edition": 3, "cvss3": {}, "published": "2005-12-31T05:00:00", "title": "CVE-2005-4835", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4835"], "modified": "2008-09-10T19:54:00", "cpe": ["cpe:/a:madwifi:madwifi:0.9.1", "cpe:/a:madwifi:madwifi:0.9.0", "cpe:/a:madwifi:madwifi:0.9.2.1", "cpe:/a:madwifi:madwifi:0.9.2"], "id": "CVE-2005-4835", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4835", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2006-7179", "CVE-2006-7178", "CVE-2006-7180"], "description": "### Background\n\nThe MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. \n\n### Description\n\nThe driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211_input() function does not properly handle AUTH frames and the driver sends unencrypted packets before WPA authentication succeeds. \n\n### Impact\n\nA remote attacker could send specially crafted AUTH frames to the vulnerable host, resulting in a Denial of Service by crashing the kernel. A remote attacker could gain access to sensitive information about network architecture by sniffing unencrypted packets. A remote attacker could also send a Channel Switch Count less than or equal to one to trigger a channel change, resulting in a communication loss and a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll MadWifi users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-wireless/madwifi-ng-0.9.3\"", "edition": 1, "modified": "2007-04-21T00:00:00", "published": "2007-04-17T00:00:00", "id": "GLSA-200704-15", "href": "https://security.gentoo.org/glsa/200704-15", "type": "gentoo", "title": "MadWifi: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:41:58", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2831", "CVE-2006-7179", "CVE-2007-2829", "CVE-2007-2830", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7180"], "description": "Multiple flaws in the MadWifi driver were discovered that could lead \nto a system crash. A physically near-by attacker could generate \nspecially crafted wireless network traffic and cause a denial of \nservice. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, \nCVE-2007-2830)\n\nA flaw was discovered in the MadWifi driver that would allow unencrypted \nnetwork traffic to be sent prior to finishing WPA authentication. \nA physically near-by attacker could capture this, leading to a loss of \nprivacy, denial of service, or network spoofing. (CVE-2006-7180)\n\nA flaw was discovered in the MadWifi driver's ioctl handling. A local \nattacker could read kernel memory, or crash the system, leading to a \ndenial of service. (CVE-2007-2831)", "edition": 6, "modified": "2007-06-29T00:00:00", "published": "2007-06-29T00:00:00", "id": "USN-479-1", "href": "https://ubuntu.com/security/notices/USN-479-1", "title": "MadWifi vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2006-7179"], "description": "## Solution Description\nUpgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.madwifi.org/\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/963\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Releases/0.9.3\n[Secunia Advisory ID:24931](https://secuniaresearch.flexerasoftware.com/advisories/24931/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:24841](https://secuniaresearch.flexerasoftware.com/advisories/24841/)\n[Secunia Advisory ID:24670](https://secuniaresearch.flexerasoftware.com/advisories/24670/)\n[Related OSVDB ID: 34644](https://vulners.com/osvdb/OSVDB:34644)\n[Related OSVDB ID: 34643](https://vulners.com/osvdb/OSVDB:34643)\n[Related OSVDB ID: 34646](https://vulners.com/osvdb/OSVDB:34646)\nOther Advisory URL: http://dev.lintrack.org/ticket/101\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-15.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:082\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2007-03/0019.html\nFrSIRT Advisory: ADV-2007-1187\n[CVE-2006-7179](https://vulners.com/cve/CVE-2006-7179)\nBugtraq ID: 23436\n", "edition": 1, "modified": "2007-03-19T22:49:00", "published": "2007-03-19T22:49:00", "href": "https://vulners.com/osvdb/OSVDB:34645", "id": "OSVDB:34645", "title": "MadWifi ieee80211_input.c CSA IEs Processing DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2006-7178"], "description": "## Solution Description\nUpgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.madwifi.org/\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/880\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Releases/0.9.3\n[Secunia Advisory ID:24931](https://secuniaresearch.flexerasoftware.com/advisories/24931/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:24841](https://secuniaresearch.flexerasoftware.com/advisories/24841/)\n[Secunia Advisory ID:24670](https://secuniaresearch.flexerasoftware.com/advisories/24670/)\n[Related OSVDB ID: 34645](https://vulners.com/osvdb/OSVDB:34645)\n[Related OSVDB ID: 34643](https://vulners.com/osvdb/OSVDB:34643)\n[Related OSVDB ID: 34646](https://vulners.com/osvdb/OSVDB:34646)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-15.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:082\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2007-03/0019.html\nFrSIRT Advisory: ADV-2007-1187\n[CVE-2006-7178](https://vulners.com/cve/CVE-2006-7178)\nBugtraq ID: 23431\n", "edition": 1, "modified": "2007-03-19T22:49:00", "published": "2007-03-19T22:49:00", "href": "https://vulners.com/osvdb/OSVDB:34644", "id": "OSVDB:34644", "title": "MadWifi IBSS Node Crafted AUTH Frame DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2006-7180"], "description": "## Solution Description\nUpgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.madwifi.org/\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/967\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Releases/0.9.3\n[Secunia Advisory ID:24931](https://secuniaresearch.flexerasoftware.com/advisories/24931/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:24841](https://secuniaresearch.flexerasoftware.com/advisories/24841/)\n[Secunia Advisory ID:24670](https://secuniaresearch.flexerasoftware.com/advisories/24670/)\n[Related OSVDB ID: 34644](https://vulners.com/osvdb/OSVDB:34644)\n[Related OSVDB ID: 34645](https://vulners.com/osvdb/OSVDB:34645)\n[Related OSVDB ID: 34643](https://vulners.com/osvdb/OSVDB:34643)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-15.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:082\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2007-03/0019.html\nISS X-Force ID: 33514\nFrSIRT Advisory: ADV-2007-1187\n[CVE-2006-7180](https://vulners.com/cve/CVE-2006-7180)\nBugtraq ID: 23434\n", "edition": 1, "modified": "2007-03-19T22:49:00", "published": "2007-03-19T22:49:00", "href": "https://vulners.com/osvdb/OSVDB:34646", "id": "OSVDB:34646", "title": "MadWifi ieee80211_output.c Cleartext Information Disclosure", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2006-7177"], "description": "## Solution Description\nUpgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.madwifi.org/\nVendor Specific News/Changelog Entry: http://madwifi.org/ticket/880\nVendor Specific News/Changelog Entry: http://madwifi.org/wiki/Releases/0.9.3\n[Secunia Advisory ID:24931](https://secuniaresearch.flexerasoftware.com/advisories/24931/)\n[Secunia Advisory ID:26083](https://secuniaresearch.flexerasoftware.com/advisories/26083/)\n[Secunia Advisory ID:24841](https://secuniaresearch.flexerasoftware.com/advisories/24841/)\n[Secunia Advisory ID:24670](https://secuniaresearch.flexerasoftware.com/advisories/24670/)\n[Related OSVDB ID: 34644](https://vulners.com/osvdb/OSVDB:34644)\n[Related OSVDB ID: 34645](https://vulners.com/osvdb/OSVDB:34645)\n[Related OSVDB ID: 34646](https://vulners.com/osvdb/OSVDB:34646)\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-15.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:082\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2007-03/0019.html\n[CVE-2006-7177](https://vulners.com/cve/CVE-2006-7177)\nBugtraq ID: 23433\n", "edition": 1, "modified": "2007-03-19T22:49:00", "published": "2007-03-19T22:49:00", "href": "https://vulners.com/osvdb/OSVDB:34643", "id": "OSVDB:34643", "title": "MadWifi ieee80211_input Function Unspecified Crafted Packet DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}