SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The madwifi driver and userland packages were updated to
Please note that while the RPM version still says '0.9.3', the content
is the version.

This updates fixes following security problems :

- The 802.11 network stack in net80211/ieee80211_input.c
in MadWifi before allows remote attackers to
cause a denial of service (system hang) via a crafted
length field in nested 802.3 Ethernet frames in Fast
Frame packets, which results in a NULL pointer
dereference. (CVE-2007-2829)

- The ath_beacon_config function in if_ath.c in MadWifi
before allows remote attackers to cause a denial
of service (system crash) via crafted beacon interval
information when scanning for access points, which
triggers a divide-by-zero error. (CVE-2007-2830)

- Array index error in the (1)
ieee80211_ioctl_getwmmparams and (2)
ieee80211_ioctl_setwmmparams functions in
net80211/ieee80211_wireless.c in MadWifi before
allows local users to cause a denial of service (system
crash), possibly obtain kernel memory contents, and
possibly execute arbitrary code via a large negative
array index value. (CVE-2007-2831)

'remote attackers' are attackers within range of the WiFi reception of
the card.

Please note that the problems fixed in 0.9.3 were fixed by the madwifi
Version upgrade to 0.9.3 in SLE10 Service Pack 1. (CVE-2005-4835 /
CVE-2006-7177 / CVE-2006-7178 / CVE-2006-7179 / CVE-2006-7180).

See also :

Solution :

Apply ZYPP patch number 3897.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 29517 ()

Bugtraq ID:

CVE ID: CVE-2005-4835

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now