Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
luk at debian.org
Sat Dec 29 23:54:48 UTC 2007
Faidon Liambotis wrote:
> Luk Claes wrote:
>>> | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial
>>> | of service (panic) via a beacon frame with a large length value in the
>>> | extended supported rates (xrates) element, which triggers an assertion
>>> | error, related to net80211/ieee80211_scan_ap.c and
>>> | net80211/ieee80211_scan_sta.c.
>>> If you fix this vulnerability please also include the CVE id
>>> in your changelog entry.
>>> This is fixed in upstream svn on:
>>> For further information:
>>>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448
>> Can you please upload a fixed package to stable?
> This is remotely exploitable over the air -- an attacker could send a
> specially crafted packet with his wireless device and crash all affected
> systems literally around him. Imagine exploiting this e.g. on a DebConf.
> IMHO (I'm not a maintainer) this should be fixed ASAP in stable-security
> and the DSA should include that manual action is required to actually
> fix this (rebuilding and reloading the kernel modules).
non-free is not supported by the security team, that's why I ask the
maintainer to upload it...
More information about the Pkg-madwifi-maintainers