ALT Linux Team development discussions
* [devel] [Fwd: [Madwifi-users] HEADS UP: Three security issues fixed in release 0.9.3.1]
@ 2007-05-23 11:03 Alexander Bokovoy
  0 siblings, 0 replies; only message in thread
From: Alexander Bokovoy @ 2007-05-23 11:03 UTC (permalink / raw)
  To: ALT Devel discussion list



-------- Original Message --------
Subject: [Madwifi-users] HEADS UP: Three security issues fixed in release
0.9.3.1
Date: Wed, 23 May 2007 12:32:32 +0200 (CEST)
From: Michael Renzmann <mrenzmann@madwifi.org>
To: madwifi-users@lists.sourceforge.net
Cc: madwifi-devel@lists.sourceforge.net

Hi all.

We recently have been made aware of three security-related issues in
MadWifi v0.9.3. In response to these reports we've released v0.9.3.1 today
(which is similar to v0.9.3 plus the relevant fixes). The release tarballs are
available for immediate download from:
http://sourceforge.net/project/showfiles.php?group_id=82936&package_id=85233

*We strongly advise all users of MadWifi to upgrade to v0.9.3.1 as soon as
possible.*

Thanks to Md Sohail Ahmad of AirTight Networks Inc. for reporting issue 1.
We would also like to thank the reporter of issues 2 and 3, who has asked to
keep his identity private.



The issues are:

1. Remote DoS: insufficient input validation (beacon interval)

The beacon interval information that is gathered while scanning for Access
Points is not properly validated. This could be exploited from remote to
cause a DoS due to a "division by zero" exception.

See also: http://madwifi.org/ticket/1270


2. Remote DoS: insufficient input validation (Fast Frame parsing)

The code which parses fast frames and 802.3 frames embedded therein does
not properly validate the size parameters in such frames. This could be
exploited from remote to cause a DoS due to a NULL-pointer dereference.

See also: http://madwifi.org/ticket/1335


3. Local DoS: insufficient input validation (WMM parameters)

A restricted local user could pass invalid data to two ioctl handlers,
causing a DoS due to access being made to invalid addresses. Chances are
that this issue also might allow read and/or write access to kernel
memory; this has not yet been verified.

See also: http://madwifi.org/ticket/1334


Thanks for your attention.

Bye, Mike


-- 
/ Alexander Bokovoy
Samba Team                      http://www.samba.org/
ALT Linux Team                  http://www.altlinux.org/
Midgard Project Ry              http://www.midgard-project.org/
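
Added example, not part of the forwarded message and not MadWifi code: a sketch of the input validation that issue 1 says was missing, applied to the fixed fields of an 802.11 beacon body before any arithmetic divides by the beacon interval. The function name `next_beacon_usec`, the interval bounds and the sample bytes are assumptions made for illustration; the actual fix is the one referenced in ticket 1270.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 802.11 beacon body starts with fixed fields, all little-endian:
 * 8-byte timestamp (TSF, usec), 2-byte beacon interval (TU), 2-byte capability. */
#define BEACON_FIXED_LEN 12
#define TU_USEC          1024u
#define BINTVAL_MIN      1u     /* assumed policy bound, not MadWifi's */
#define BINTVAL_MAX      1000u  /* assumed policy bound, not MadWifi's */

/* Constructed sample bodies: TSF = 5000 usec; interval = 100 TU and 0 TU. */
static const uint8_t SAMPLE_OK[BEACON_FIXED_LEN]   = {0x88,0x13,0,0,0,0,0,0, 0x64,0x00, 0x01,0x00};
static const uint8_t SAMPLE_ZERO[BEACON_FIXED_LEN] = {0x88,0x13,0,0,0,0,0,0, 0x00,0x00, 0x01,0x00};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Hypothetical helper: time until the sender's next beacon, in usec.
 * Returns 0 on success, -1 if the frame is rejected. */
int next_beacon_usec(const uint8_t *body, size_t len, uint64_t *out_usec)
{
    if (body == NULL || out_usec == NULL || len < BEACON_FIXED_LEN)
        return -1;                       /* truncated frame: fields not present */
    uint64_t tsf    = le64(body);
    uint16_t intval = le16(body + 8);

    /* The check: without it, intval == 0 reaches the modulo below. */
    if (intval < BINTVAL_MIN || intval > BINTVAL_MAX)
        return -1;

    uint64_t period = (uint64_t)intval * TU_USEC;
    *out_usec = period - (tsf % period);
    return 0;
}

int main(void)
{
    uint64_t us = 0;
    int ok = next_beacon_usec(SAMPLE_OK, sizeof SAMPLE_OK, &us);
    printf("valid rc=%d, zero-interval rc=%d\n", ok,
           next_beacon_usec(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &us));
    return 0;
}
```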

