Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame

Kel Modderman kel at otaku42.de
Tue Oct 16 23:21:05 UTC 2007


On Wed, 17 Oct 2007 03:01:24 am Nico Golde wrote:
> Hi,
>
> * Nico Golde <nion at debian.org> [2007-10-16 17:59]:
> > Hi Kel,
> >
> > * Kel Modderman <kel at otaku42.de> [2007-10-16 17:14]:
> > > tags 446824 pending
> > > thanks
> > >
> > > On Tue, 16 Oct 2007 08:37:31 am Nico Golde wrote:
> > > > | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a
> > > > | denial of service (panic) via a beacon frame with a large length
> > > > | value in the extended supported rates (xrates) element, which
> > > > | triggers an assertion error, related to
> > > > | net80211/ieee80211_scan_ap.c and
> > > > | net80211/ieee80211_scan_sta.c.
> > >
> > > net80211/ieee80211_scan_ap.c is not vulnerable in any stable release
> > > from madwifi.org[0], the CVE is slightly misleading in regards to that
> > > detail.
> >
> > Well I never said it is :) But thanks for the information, I
> > checked this and added it as not-affected to the security
> > tracker.
>
> Correction, I misunderstood you, thanks Moritz for pointing
> me to this. At least the code in ieee80211_scan_sta.c is
> vulnerable in the Debian versions if I don't miss anything.
> Kind regards
> Nico

Yes, that's correct. ieee80211_scan_sta.c is vulnerable in all upstream and
Debian versions.

Kel.
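
The failure mode in the CVE text quoted above (an over-long xrates length reaching an assertion) is avoided by rejecting the frame while parsing. The sketch below is an added example, not code from this thread or from the madwifi source; `parse_rates`, `check_xrates`, the status codes and the table capacity of 15 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELEMID_RATES   1    /* Supported Rates element ID */
#define ELEMID_XRATES  50   /* Extended Supported Rates element ID */
#define RATE_MAXSIZE   15   /* assumed capacity of the receiver's rate table */

enum { IE_OK = 0, IE_TRUNCATED = -1, IE_RATES_TOO_LONG = -2 };
struct rateset { uint8_t nrates; uint8_t rates[RATE_MAXSIZE]; };

/* Walk the tagged elements of a beacon body and collect rates + xrates.
 * Lengths come from the air, so a bad one rejects the frame, never asserts. */
int parse_rates(const uint8_t *ies, size_t len, struct rateset *rs)
{
    size_t off = 0;
    rs->nrates = 0;
    while (off < len) {
        if (len - off < 2)
            return IE_TRUNCATED;              /* no room for id + length */
        uint8_t id = ies[off], elen = ies[off + 1];
        if (elen > len - off - 2)
            return IE_TRUNCATED;              /* claims more than was received */
        if (id == ELEMID_RATES || id == ELEMID_XRATES) {
            if (elen > RATE_MAXSIZE - rs->nrates)
                return IE_RATES_TOO_LONG;     /* would overflow the table */
            memcpy(rs->rates + rs->nrates, ies + off + 2, elen);
            rs->nrates += elen;
        }
        off += 2 + (size_t)elen;
    }
    return IE_OK;
}

/* Constructed sample: one xrates element claiming `claimed` bytes, `present` in buffer. */
int check_xrates(uint8_t claimed, size_t present)
{
    uint8_t buf[2 + 255] = { ELEMID_XRATES, claimed };
    struct rateset rs;
    memset(buf + 2, 0x0c, present);
    return parse_rates(buf, 2 + present, &rs);
}

int main(void)
{
    printf("%d %d %d\n", check_xrates(4, 4), check_xrates(200, 200), check_xrates(200, 3));
    return 0;
}
```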





More information about the Pkg-madwifi-maintainers mailing list