Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:082)

high Nessus Plugin ID 25033

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. (CVE-2005-4835)

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to packets coming from a malicious WinXP system. (CVE-2006-7177)

MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. (CVE-2006-7178)

ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. (CVE-2006-7179)

ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. (CVE-2006-7180)

Updated packages have been updated to 0.9.3 to correct this issue.
Wpa_supplicant is built using madwifi-source and has been rebuilt using 0.9.3 source.

Solution

Update the affected madwifi-source, wpa_gui and / or wpa_supplicant packages.

Plugin Details

Severity: High

ID: 25033

File Name: mandrake_MDKSA-2007-082.nasl

Version: 1.16

Type: local

Published: 4/12/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:madwifi-source, p-cpe:/a:mandriva:linux:wpa_gui, p-cpe:/a:mandriva:linux:wpa_supplicant, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 4/11/2007

Reference Information

CVE: CVE-2005-4835, CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2006-7180

MDKSA: 2007:082