drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in MadWifi
Name: |
Mehrere Probleme in MadWifi |
|
ID: |
200704-15 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mi, 18. April 2007, 00:46 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180 |
|
Applikationen: |
madwifi |
|
Originalnachricht |
--SNIs70sCzqvszXB4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200704-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: MadWifi: Multiple vulnerabilities Date: April 17, 2007 Bugs: #173434 ID: 200704-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been discovered in the MadWifi driver, possibly leading to a Denial of Service and information disclosure.
Background ==========
The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-wireless/madwifi-ng < 0.9.3 >= 0.9.3
Description ===========
The driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211_input() function does not properly handle AUTH frames and the driver sends unencrypted packets before WPA authentication succeeds.
Impact ======
A remote attacker could send specially crafted AUTH frames to the vulnerable host, resulting in a Denial of Service by crashing the kernel. A remote attacker could gain access to sensitive information about network architecture by sniffing unencrypted packets. A remote attacker could also send a Channel Switch Count less than or equal to one to trigger a channel change, resulting in a communication loss and a Denial of Service.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All MadWifi users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3"
References ==========
[ 1 ] CVE-2007-7178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178 [ 2 ] CVE-2007-7179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179 [ 3 ] CVE-2007-7180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200704-15.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License =======
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--SNIs70sCzqvszXB4 Content-Type: application/pgp-signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRiVMADvRww8BFPxFAQIz/ggAnCrraGg5ES1U1UGgW9gfMdK4EPOV+TWM CVsMQlhPjOpPDB/T22l5ruWbLTz2illllgsXVzXJWZvvawGa4vvI39kcx/Qz5iAo Ck9fmi2JkU02rWKwJSDk9m0zVE/HHCWdgEpHpQJwiOg2FYXhVNxkkT0MwH74Y0hL ut77zNW7fIXhheq0vALIAipvV4SNvzLbLepEJGLnTOiXCePS5cdxouagVq3dTZud Hs4H7WyfOuEVVHGiIFBxV1Xvle00hnMNtNWbq1fQZl0AgH0uXbv2bx7cznepztfZ Ybo2MQ2HQH3LNnL8TpydxZfuBgYMmIqFKFX1SST54gu0N3Ou81OKEA== =Qi8m -----END PGP SIGNATURE-----
--SNIs70sCzqvszXB4-- -- gentoo-announce@gentoo.org mailing list
|
|
|
|