Detections
Analytics

SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)

critical Nessus Plugin ID 29517

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

The madwifi driver and userland packages were updated to 0.9.3.1.
Please note that while the RPM version still says '0.9.3', the content is the 0.9.3.1 version.

This updates fixes following security problems :

 - The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. (CVE-2007-2829)

 - The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. (CVE-2007-2830)

 - Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. (CVE-2007-2831)

'remote attackers' are attackers within range of the WiFi reception of the card.

Please note that the problems fixed in 0.9.3 were fixed by the madwifi Version upgrade to 0.9.3 in SLE10 Service Pack 1. (CVE-2005-4835 / CVE-2006-7177 / CVE-2006-7178 / CVE-2006-7179 / CVE-2006-7180).

Solution

Apply ZYPP patch number 3897.

See Also

http://support.novell.com/security/cve/CVE-2005-4835.html

http://support.novell.com/security/cve/CVE-2006-7177.html

http://support.novell.com/security/cve/CVE-2006-7178.html

http://support.novell.com/security/cve/CVE-2006-7179.html

http://support.novell.com/security/cve/CVE-2006-7180.html

http://support.novell.com/security/cve/CVE-2007-2829.html

http://support.novell.com/security/cve/CVE-2007-2830.html

http://support.novell.com/security/cve/CVE-2007-2831.html

Plugin Details

Severity: Critical

ID: 29517

File Name: suse_madwifi-3897.nasl

Version: 1.16

Type: local

Agent: unix

Published: 12/13/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/16/2007

Reference Information

CVE: CVE-2005-4835, CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2006-7180, CVE-2007-2829, CVE-2007-2830, CVE-2007-2831

CWE: 119