This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200704-15
(MadWifi: Multiple vulnerabilities)
The driver does not properly process Channel Switch Announcement
Information Elements, allowing for an abnormal channel change. The
ieee80211_input() function does not properly handle AUTH frames and the
driver sends unencrypted packets before WPA authentication succeeds.
A remote attacker could send specially crafted AUTH frames to the
vulnerable host, resulting in a Denial of Service by crashing the
kernel. A remote attacker could gain access to sensitive information
about network architecture by sniffing unencrypted packets. A remote
attacker could also send a Channel Switch Count less than or equal to
one to trigger a channel change, resulting in a communication loss and
a Denial of Service.
There is no known workaround at this time.
See also :
All MadWifi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.3'
Risk factor :
High / CVSS Base Score : 7.8
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25060 (gentoo_GLSA-200704-15.nasl)
CVE ID: CVE-2006-7178CVE-2006-7179CVE-2006-7180
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.