madwifi: security update for etch?

Kel Modderman kel at otaku42.de
Wed Apr 11 12:11:57 UTC 2007


Hi Daniel,

On Wednesday 11 April 2007 18:34, Daniel Baumann wrote:
> [ Please keep me in CC; I'm not subscribed to the list ]
>
> Hi,
>
> recently, there were some security problems[0] fixed in an upload[1] to
> unstable. What are your plans to fix them in etch?

I'll answer this after reviewing contents of the CVEs I could find concerning
madwifi.

>
> Regards,
> Daniel
>
> [0] CVE-2006-7177, -7178, -7179, -7180
> [1] http://packages.qa.debian.org/m/madwifi/news/20070409T133204Z.html

Package in etch: madwifi-source (1:0.9.2+r1842.20061207-2)
Upstream madwifi SVN revision: r1842 + changeset r1847 via dpatch

Madwifi CVE list:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=madwifi

CVE-2006-7180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before
WPA authentication succeeds, which allows remote attackers to obtain
sensitive information (related to network structure), and possibly cause a
denial of service (disrupted authentication) and conduct spoofing attacks.
CONFIRM:http://madwifi.org/ticket/967
http://madwifi.org/changeset/1760
Action required: none

CVE-2006-7179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel 
Switch Announcement Information Elements (CSA IEs), which allows remote 
attackers to cause a denial of service (loss of communication) via a Channel 
Switch Count less than or equal to one, triggering a channel change.
CONFIRM:http://madwifi.org/ticket/963
http://madwifi.org/changeset/1762
Action required: none

CVE-2006-7178, CVE-2006-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7177
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an 
IBSS node, which allows remote attackers to cause a denial of service (system 
crash) via a certain AUTH frame.
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial 
of service (system crash) via unspecified vectors that lead to a kernel panic 
in the ieee80211_input function, related to "packets coming from 
a 'malicious' WinXP system."
CONFIRM:http://madwifi.org/ticket/880
http://madwifi.org/changeset/1818
Action required: none

CVE-2006-6332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
CONFIRM:http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 
0.9.2.1 allows remote attackers to execute arbitrary code via unspecified 
vectors, related to the encode_ie and giwscan_cb functions.
http://madwifi.org/changeset/1842
http://madwifi.org/changeset/1847
Action required: none

CVE-2005-4835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4835
CONFIRM:http://madwifi.org/ticket/287
Confirmed fixed before http://madwifi.org/changeset/1705
Action required: none

Since the snapshot of madwifi in etch (r1842 + changeset r1847) already 
encompasses the fixes/confirmations described by each of the above, I propose 
that we do nothing at this time.

Thanks, Kel.
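
Added example, not part of the original message and not Debian or MadWifi tooling: the coverage check done by hand above, as a script that parses the cited fix changesets and compares them with the etch snapshot line. It assumes every changeset at or below the base revision is contained in the snapshot (linear history on the packaged branch); the function names and the reduced notes text are constructed for illustration.

```python
import re

# Constructed sample: CVE ids and fix changeset URLs cited in the message.
NOTES = """\
CVE-2006-7180
http://madwifi.org/changeset/1760
CVE-2006-7179
http://madwifi.org/changeset/1762
CVE-2006-7178, CVE-2006-7177
http://madwifi.org/changeset/1818
CVE-2006-6332
http://madwifi.org/changeset/1842
http://madwifi.org/changeset/1847
CVE-2005-4835
Confirmed fixed before http://madwifi.org/changeset/1705
"""
SNAPSHOT = "Upstream madwifi SVN revision: r1842 + changeset r1847 via dpatch"

def parse_snapshot(line):
    """Return (base revision, set of extra changesets applied as patches)."""
    revs = [int(r) for r in re.findall(r"\br(\d+)\b", line)]
    if not revs:
        raise ValueError("no revision found in snapshot line")
    return revs[0], set(revs[1:])

def parse_notes(text):
    """Map each CVE id to the fix changesets listed under its header line."""
    fixes, current = {}, []
    for line in text.splitlines():
        if line.startswith("CVE-"):
            current = re.findall(r"CVE-\d{4}-\d+", line)
            for cve in current:
                fixes.setdefault(cve, set())
            continue
        for rev in re.findall(r"/changeset/(\d+)", line):
            for cve in current:
                fixes[cve].add(int(rev))
    return fixes

def triage(notes, snapshot_line):
    """Per CVE: [] if covered, a list of missing changesets, None if no fix is listed."""
    base, patched = parse_snapshot(snapshot_line)
    result = {}
    for cve, revs in parse_notes(notes).items():
        # Assumption: changesets <= base are already in the snapshot.
        missing = sorted(r for r in revs if r > base and r not in patched)
        result[cve] = missing if revs else None
    return result

if __name__ == "__main__":
    print(triage(NOTES, SNAPSHOT))
```

A `None` result marks an advisory with no fix changeset listed, which needs manual review before it can be called covered.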


