Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)

Ubuntu Security Notice (C) 2007-2016 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Multiple flaws in the MadWifi driver were discovered that could lead
to a system crash. A physically near-by attacker could generate
specially crafted wireless network traffic and cause a denial of
service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,
CVE-2007-2830)

A flaw was discovered in the MadWifi driver that would allow
unencrypted network traffic to be sent prior to finishing WPA
authentication. A physically near-by attacker could capture this,
leading to a loss of privacy, denial of service, or network spoofing.
(CVE-2006-7180)

A flaw was discovered in the MadWifi driver's ioctl handling. A local
attacker could read kernel memory, or crash the system, leading to a
denial of service. (CVE-2007-2831).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28080 ()

Bugtraq ID:

CVE ID: CVE-2006-7177
CVE-2006-7178
CVE-2006-7179
CVE-2006-7180
CVE-2007-2829
CVE-2007-2830
CVE-2007-2831