Bug#402836: CVE-2006-6332: Stack buffer overflow vulnerabilities
Ben Hutchings
ben at decadent.org.uk
Tue Dec 12 23:50:32 CET 2006
Package: madwifi
Version: 1:0.9.2+r1842.20061207-1
Severity: critical
Tags: security
Justification: root security hole
According to the upstream advisory
<http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue>:
"A critical security flaw (CVE-2006-6332) has been discovered which can
be exploited from remote and allows arbitrary code injection. The fix
has been committed to trunk in r1842. In addition, we released
v0.9.2.1 (v0.9.2 plus the fix for the issue), which is available for
download from sf.net."
However, r1842 did *not* completely fix the flaw. One of the length
checks was wrong and was subsequently fixed in SVN r1847.
Ben.
More information about the Pkg-madwifi-maintainers
mailing list