MDKSA-2007:082

Package name

madwifi-source

Date

2007-04-11

Advisory ID

MDKSA-2007:082

Affected versions

2007.1 x86_64 , 2007.1 i586 , 2007.0 x86_64 , 2007.0 i586

Problem description

The ath_rate_sample function in the ath_rate/sample/sample.c sample
code in MadWifi before 0.9.3 allows remote attackers to cause a denial
of service (failed KASSERT and system crash) by moving a connected
system to a location with low signal strength, and possibly other
vectors related to a race condition between interface enabling and
packet transmission. (CVE-2005-4835)

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause
a denial of service (system crash) via unspecified vectors that lead
to a kernel panic in the ieee80211_input function, related to packets
coming from a malicious WinXP system. (CVE-2006-7177)

MadWifi before 0.9.3 does not properly handle reception of an AUTH
frame by an IBSS node, which allows remote attackers to cause a denial
of service (system crash) via a certain AUTH frame. (CVE-2006-7178)

ieee80211_input.c in MadWifi before 0.9.3 does not properly process
Channel Switch Announcement Information Elements (CSA IEs), which
allows remote attackers to cause a denial of service (loss of
communication) via a Channel Switch Count less than or equal to one,
triggering a channel change. (CVE-2006-7179)

ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets
before WPA authentication succeeds, which allows remote attackers
to obtain sensitive information (related to network structure),
and possibly cause a denial of service (disrupted authentication)
and conduct spoofing attacks. (CVE-2006-7180)

Updated packages have been updated to 0.9.3 to correct this
issue. Wpa_supplicant is built using madwifi-source and has been
rebuilt using 0.9.3 source.

Updated packages

2007.1 x86_64

 b1516928d8a7912697ed745a4c7d7e92  2007.1/x86_64/madwifi-source-0.9.3-1.1mdv2007.1.noarch.rpm
 f2d503a7c9c75a2e7a893bf9ac21b67d  2007.1/x86_64/wpa_gui-0.5.7-1.1mdv2007.1.x86_64.rpm
 cab5de7a034f25e3a1135ebb4baf540a  2007.1/x86_64/wpa_supplicant-0.5.7-1.1mdv2007.1.x86_64.rpm 
 5cfe8a50972bc71713aeec6e3fd16477  2007.1/SRPMS/madwifi-source-0.9.3-1.1mdv2007.1.src.rpm
 39d7ca78f1476cf4cc1e9424b839687d  2007.1/SRPMS/wpa_supplicant-0.5.7-1.1mdv2007.1.src.rpm

2007.1 i586

 b1516928d8a7912697ed745a4c7d7e92  2007.1/i586/madwifi-source-0.9.3-1.1mdv2007.1.noarch.rpm
 f8f1afbd019cee7198980cea27f51888  2007.1/i586/wpa_gui-0.5.7-1.1mdv2007.1.i586.rpm
 1b6c006280fc9e489367a33277aedec2  2007.1/i586/wpa_supplicant-0.5.7-1.1mdv2007.1.i586.rpm 
 5cfe8a50972bc71713aeec6e3fd16477  2007.1/SRPMS/madwifi-source-0.9.3-1.1mdv2007.1.src.rpm
 39d7ca78f1476cf4cc1e9424b839687d  2007.1/SRPMS/wpa_supplicant-0.5.7-1.1mdv2007.1.src.rpm

2007.0 x86_64

 d7cbe028e271f0f8d774905558e74fdc  2007.0/x86_64/madwifi-source-0.9.3-1.1mdv2007.0.noarch.rpm
 286aebce2515abdf2ce786d568ca561a  2007.0/x86_64/wpa_gui-0.5.5-2.1mdv2007.0.x86_64.rpm
 b65aa19f1f3f3e54fe1417e01efa0618  2007.0/x86_64/wpa_supplicant-0.5.5-2.1mdv2007.0.x86_64.rpm 
 aaec8f2686274bd944a2a0932180a91d  2007.0/SRPMS/madwifi-source-0.9.3-1.1mdv2007.0.src.rpm
 8b9dad3443aab464e3f32bdf6e5e4ab6  2007.0/SRPMS/wpa_supplicant-0.5.5-2.1mdv2007.0.src.rpm

2007.0 i586

 d7cbe028e271f0f8d774905558e74fdc  2007.0/i586/madwifi-source-0.9.3-1.1mdv2007.0.noarch.rpm
 904a90761313b1cc56d6a0ff0d477ad7  2007.0/i586/wpa_gui-0.5.5-2.1mdv2007.0.i586.rpm
 052bfcc81003cc8b6656434e4611a521  2007.0/i586/wpa_supplicant-0.5.5-2.1mdv2007.0.i586.rpm 
 aaec8f2686274bd944a2a0932180a91d  2007.0/SRPMS/madwifi-source-0.9.3-1.1mdv2007.0.src.rpm
 8b9dad3443aab464e3f32bdf6e5e4ab6  2007.0/SRPMS/wpa_supplicant-0.5.5-2.1mdv2007.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4835
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7177
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180