|
 |
|
MadWifi Denial of Service and Information Disclosure Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA24670
|
|
|
Release Date:
|
2007-04-02
|
|
Last Update:
|
2007-04-12
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | MadWifi 0.x
|
| | CVE reference: | CVE-2006-7177 (Secunia mirror)
CVE-2006-7178 (Secunia mirror)
CVE-2006-7179 (Secunia mirror)
CVE-2006-7180 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious people to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service).
1) An error within the "ieee80211_input()" function when handling AUTH frames from IBSS nodes can be exploited to cause a kernel crash by sending specially crafted AUTH frames.
Successful exploitation may require that the "Ad-Hoc" mode is used.
2) MadWifi does not correctly handle Channel Switch Announcements. This can be exploited to force a channel switch thus interrupting the communication by injecting a Channel Switch Announcement with "CS Count" set to 1 or less.
3) An error within ieee80211_output.c may cause unencrypted packets to be sent before the WPA authentication is completed. This can be exploited to gain knowledge of certain sensitive information, which may be leveraged for further attacks.
The vulnerabilities are reported in versions prior to 0.9.3.
Solution:
Update to version 0.9.3.
Provided and/or discovered by:
1) kurth
2, 3) Reported by the vendor.
Changelog:
2007-04-12: Added CVE reference.
Original Advisory:
http://madwifi.org/ticket/880
http://madwifi.org/ticket/963
http://madwifi.org/ticket/967
http://madwifi.org/wiki/Releases/0.9.3
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. MadWifi "xrates" Element Denial of Service
|
|
2. MadWifi Multiple Denial of Service Vulnerabilities
|
|
3. MadWifi Buffer Overflow Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
