Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame

Faidon Liambotis paravoid at debian.org
Sat Dec 29 23:30:37 UTC 2007


Luk Claes wrote:
>> CVE-2007-5448[0]:
>> | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial
>> | of service (panic) via a beacon frame with a large length value in the
>> | extended supported rates (xrates) element, which triggers an assertion
>> | error, related to net80211/ieee80211_scan_ap.c and
>> | net80211/ieee80211_scan_sta.c.
>>
>> If you fix this vulnerability please also include the CVE id
>> in your changelog entry.
>>
>> This is fixed in upstream svn on:
>> http://madwifi.org/changeset/2736
>>
>> For further information:
>> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448
> 
> Can you please upload a fixed package to stable?

This is remotely exploitable over the air -- an attacker could send a
specially crafted packet with his wireless device and crash all affected
systems literally around him. Imagine exploiting this e.g. on a DebConf.

IMHO (I'm not a maintainer) this should be fixed ASAP in stable-security
and the DSA should include that manual action is required to actually
fix this (rebuilding and reloading the kernel modules).

Regards,
Faidon
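
The CVE text quoted above describes an assertion firing on the length byte of the xrates element in a received beacon. As an added example (not madwifi's code and not the upstream changeset), here is a minimal element walker that rejects such a frame with an error code instead; `XRATES_MAX`, the function names and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IE_ID_XRATES 50  /* Extended Supported Rates element ID in 802.11 */
#define XRATES_MAX   15  /* assumed size of the receiver's rate buffer */
enum { IE_OK = 0, IE_TRUNCATED = -1, IE_XRATES_TOO_LONG = -2 };

/* Walk the tagged elements (id, len, payload) of a beacon body and copy the
 * xrates payload into out[]. A bad length rejects the frame with an error
 * code; nothing asserts on a length byte the sender controls. */
static int parse_xrates(const uint8_t *ies, size_t ies_len,
                        uint8_t out[XRATES_MAX], size_t *out_len)
{
    size_t off = 0;
    *out_len = 0;
    while (off < ies_len) {
        if (ies_len - off < 2)
            return IE_TRUNCATED;           /* no room for id + len */
        uint8_t id = ies[off], len = ies[off + 1];
        if (len > ies_len - off - 2)
            return IE_TRUNCATED;           /* payload runs past the frame */
        if (id == IE_ID_XRATES) {
            if (len > XRATES_MAX)
                return IE_XRATES_TOO_LONG; /* drop the frame, do not panic */
            memcpy(out, ies + off + 2, len);
            *out_len = len;
        }
        off += 2 + (size_t)len;
    }
    return IE_OK;
}

/* Constructed samples: SSID + 4 xrates; 16-byte xrates; cut-off element. */
static const uint8_t sample_ok[] = { 0, 2, 'a', 'p', 50, 4, 0x30, 0x48, 0x60, 0x6c };
static const uint8_t sample_long[2 + 16] = { 50, 16 };
static const uint8_t sample_cut[] = { 50, 200, 0x30 };

static int check(const uint8_t *ies, size_t n)
{
    uint8_t rates[XRATES_MAX];
    size_t count;
    return parse_xrates(ies, n, rates, &count);
}

int main(void)
{
    return check(sample_ok, sizeof sample_ok) == IE_OK &&
           check(sample_long, sizeof sample_long) == IE_XRATES_TOO_LONG &&
           check(sample_cut, sizeof sample_cut) == IE_TRUNCATED ? 0 : 1;
}
```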




