Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:082)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The ath_rate_sample function in the ath_rate/sample/sample.c sample
code in MadWifi before 0.9.3 allows remote attackers to cause a denial
of service (failed KASSERT and system crash) by moving a connected
system to a location with low signal strength, and possibly other
vectors related to a race condition between interface enabling and
packet transmission. (CVE-2005-4835)

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a
denial of service (system crash) via unspecified vectors that lead to
a kernel panic in the ieee80211_input function, related to packets
coming from a malicious WinXP system. (CVE-2006-7177)

MadWifi before 0.9.3 does not properly handle reception of an AUTH
frame by an IBSS node, which allows remote attackers to cause a denial
of service (system crash) via a certain AUTH frame. (CVE-2006-7178)

ieee80211_input.c in MadWifi before 0.9.3 does not properly process
Channel Switch Announcement Information Elements (CSA IEs), which
allows remote attackers to cause a denial of service (loss of
communication) via a Channel Switch Count less than or equal to one,
triggering a channel change. (CVE-2006-7179)

ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets
before WPA authentication succeeds, which allows remote attackers to
obtain sensitive information (related to network structure), and
possibly cause a denial of service (disrupted authentication) and
conduct spoofing attacks. (CVE-2006-7180)

The updated packages provide version 0.9.3, which corrects these
issues. Wpa_supplicant is built using madwifi-source and has been
rebuilt using the 0.9.3 source.

Solution :

Update the affected madwifi-source, wpa_gui and / or wpa_supplicant
packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 25033 (mandrake_MDKSA-2007-082.nasl)

Bugtraq ID:

CVE ID: CVE-2005-4835
CVE-2006-7177
CVE-2006-7178
CVE-2006-7179
CVE-2006-7180
