Bug 11320 - CVE-2006-7178..CVE-2006-7180 in madwifi < 0.93
Summary: CVE-2006-7178..CVE-2006-7180 in madwifi < 0.93
Alias: None
Product: Sisyphus
Classification: Development
Component: kernel-source-madwifi (show other bugs)
Version: unstable
Hardware: all Linux
: P2 major
Assignee: Alexei Takaseev
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/24670/
Depends on:
Reported: 2007-04-02 23:21 MSD by Michael Shigorin
Modified: 2007-06-04 14:12 MSD (History)
12 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Shigorin 2007-04-02 23:21:11 MSD
Some vulnerabilities have been reported in MadWifi, which can be exploited by
malicious people to gain knowledge of potentially sensitive information or cause
a DoS (Denial of Service).

1) An error within the "ieee80211_input()" function when handling AUTH frames
from IBSS nodes can be exploited to cause a kernel crash by sending specially
crafted AUTH frames.

Successful exploitation may require that the "Ad-Hoc" mode is used.

2) MadWifi does not correctly handle Channel Switch Announcements. This can be
exploited to force a channel switch thus interrupting the communication by
injecting a Channel Switch Announcement with "CS Count" set to 1 or less.

3) An error within ieee80211_output.c may cause unencrypted packets to be sent
before the WPA authentication is completed. This can be exploited to gain
knowledge of certain sensitive information, which may be leveraged for further

The vulnerabilities are reported in versions prior to 0.9.3.

Update to version 0.9.3.

Provided and/or discovered by:
1) kurth
2, 3) Reported by the vendor.
Comment 1 Alexander Bokovoy 2007-04-02 23:26:00 MSD
Последним его собирал taf@, у меня уже и карточки поломались на Atheros.
Comment 2 Slava Semushin 2007-06-04 14:12:52 MSD
lakostis@ обновил kernel-source-madwifi до версии 23 мая.