MDKSA-2007:132

Package name

madwifi-source

Date

2007-06-21

Advisory ID

MDKSA-2007:132

Affected versions

2007.1 x86_64 , 2007.1 i586 , 2007.0 x86_64 , 2007.0 i586

Problem description

The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa remote
attackers to cause a denial of service (system hang) via a crafted
length field in nested 802.3 Ethernet frames in Fast Frame packets,
which results in a NULL pointer dereference (CVE-2007-2829).

The ath_beacon_config function in MadWifi prior to 0.9.3.1 would
allow a remote attacker to cause a denial of service (system crash)
via crafted beacon interval information when scanning for access
points, which triggered a divide-by-zero error (CVE-2007-2830).

An array index error in MadWifi prior to 0.9.3.1 would allow a
local user to cause a denial of service (system crash) and possibly
obtain kerenl memory contents, as well as possibly allowing for the
execution of arbitrary code via a large negative array index value
(CVE-2007-2831).

Updated packages have been updated to 0.9.3.1 to correct these
issues. Wpa_supplicant is built using madwifi-source and has been
rebuilt using 0.9.3.1 source.

Updated packages

2007.1 x86_64

 1b51de79156fce38f5a8d1310632e2a4  2007.1/x86_64/madwifi-source-0.9.3.1-1.1mdv2007.1.noarch.rpm
 4ad0a1957ce6d6cf9a3608f6d1dacb31  2007.1/x86_64/wpa_gui-0.5.7-1.2mdv2007.1.x86_64.rpm
 04cb9776f30939ee111f4c6004da311a  2007.1/x86_64/wpa_supplicant-0.5.7-1.2mdv2007.1.x86_64.rpm 
 e7d7710a93440902d0ccd7b90ea6e939  2007.1/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.1.src.rpm
 866afdd304a0bf415823a5db06b95066  2007.1/SRPMS/wpa_supplicant-0.5.7-1.2mdv2007.1.src.rpm

2007.1 i586

 1b51de79156fce38f5a8d1310632e2a4  2007.1/i586/madwifi-source-0.9.3.1-1.1mdv2007.1.noarch.rpm
 32a18c21ab8217e4a076e9a2070b9c9b  2007.1/i586/wpa_gui-0.5.7-1.2mdv2007.1.i586.rpm
 b11c90cf4a982d3651cc5485198dd4d1  2007.1/i586/wpa_supplicant-0.5.7-1.2mdv2007.1.i586.rpm 
 e7d7710a93440902d0ccd7b90ea6e939  2007.1/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.1.src.rpm
 866afdd304a0bf415823a5db06b95066  2007.1/SRPMS/wpa_supplicant-0.5.7-1.2mdv2007.1.src.rpm

2007.0 x86_64

 12348dbfba8628bfa7594209190591eb  2007.0/x86_64/madwifi-source-0.9.3.1-1.1mdv2007.0.noarch.rpm
 f17c658cae2dcfe6b3e97607584a2f2a  2007.0/x86_64/wpa_gui-0.5.5-2.2mdv2007.0.x86_64.rpm
 71d9dc132a98d7113013e7a49459211d  2007.0/x86_64/wpa_supplicant-0.5.5-2.2mdv2007.0.x86_64.rpm 
 cbcd53386bcfebff8d220b27059e6b69  2007.0/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.0.src.rpm
 59139f14e119e5c205df03a02771f070  2007.0/SRPMS/wpa_supplicant-0.5.5-2.2mdv2007.0.src.rpm

2007.0 i586

 12348dbfba8628bfa7594209190591eb  2007.0/i586/madwifi-source-0.9.3.1-1.1mdv2007.0.noarch.rpm
 69f23c96b9e5419bb9add4553b875cce  2007.0/i586/wpa_gui-0.5.5-2.2mdv2007.0.i586.rpm
 d09b5b0e4f5fdf4fc4db948dbffea169  2007.0/i586/wpa_supplicant-0.5.5-2.2mdv2007.0.i586.rpm 
 cbcd53386bcfebff8d220b27059e6b69  2007.0/SRPMS/madwifi-source-0.9.3.1-1.1mdv2007.0.src.rpm
 59139f14e119e5c205df03a02771f070  2007.0/SRPMS/wpa_supplicant-0.5.5-2.2mdv2007.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2831
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2830
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2829