Detections
Analytics

GLSA-200612-09 : MadWifi: Kernel driver buffer overflow

high Nessus Plugin ID 23861

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200612-09 (MadWifi: Kernel driver buffer overflow)

 Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encode_ie() and the giwscan_cb() functions from ieee80211_wireless.c.
 Impact :

 A remote attacker could send specially crafted wireless WPA packets containing malicious RSN Information Headers (IE) that could potentially lead to the remote execution of arbitrary code as the root user.
 Workaround :

 There is no known workaround at this time.

Solution

All MadWifi users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.2.1'

See Also

https://security.gentoo.org/glsa/200612-09

Plugin Details

Severity: High

ID: 23861

File Name: gentoo_GLSA-200612-09.nasl

Version: 1.16

Type: local

Published: 12/14/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:madwifi-ng, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/10/2006

Reference Information

CVE: CVE-2006-6332

BID: 21486

GLSA: 200612-09