GLSA-200612-09 : MadWifi: Kernel driver buffer overflow

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200612-09
(MadWifi: Kernel driver buffer overflow)

Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer
overflow in the encode_ie() and the giwscan_cb() functions from
ieee80211_wireless.c.

Impact :

A remote attacker could send specially crafted wireless WPA packets
containing malicious RSN Information Headers (IE) that could
potentially lead to the remote execution of arbitrary code as the root
user.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/200612-09

Solution :

All MadWifi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.2.1'

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 23861 (gentoo_GLSA-200612-09.nasl)

Bugtraq ID: 21486

CVE ID: CVE-2006-6332