MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
BID:21486
Info
MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
| Bugtraq ID: | 21486 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6332 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2006 12:00AM |
| Updated: | Mar 01 2007 06:05PM |
| Credit: | Laurent Butti, Jerome Razniewski and Julien Tinnes are credited with the discovery of these issues. |
| Vulnerable: |
Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 SuSE Linux 9.3 SuSE Linux 10.0 MADWifi MADWifi 0.9.2 Gentoo Linux |
| Not Vulnerable: |
MADWifi MADWifi 0.9.2.1 |
Discussion
MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
The MADWiFi device driver is prone to multiple remote stack-based buffer-overflow vulnerabilities because the software fails to do proper bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer.
These issues affect only computers with the vulnerable device driver compiled, installed, and enabled on Linux operating systems. Also, victims must be running a local application to scan available access points for the return packets.
A remote attacker may exploit these issues to cause denial-of-service conditions or to possibly execute arbitrary code in the context of the affected kernel. Successful exploits can result in a complete compromise of affected computers.
Versions of the MADWiFi device driver prior to 0.9.2.1 are vulnerable.
The MADWiFi device driver is prone to multiple remote stack-based buffer-overflow vulnerabilities because the software fails to do proper bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer.
These issues affect only computers with the vulnerable device driver compiled, installed, and enabled on Linux operating systems. Also, victims must be running a local application to scan available access points for the return packets.
A remote attacker may exploit these issues to cause denial-of-service conditions or to possibly execute arbitrary code in the context of the affected kernel. Successful exploits can result in a complete compromise of affected computers.
Versions of the MADWiFi device driver prior to 0.9.2.1 are vulnerable.
Exploit / POC
MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
The following exploits are available:
The following exploits are available:
Solution / Fix
MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
Solution:
The vendor released version 0.9.2.1 to address these issues. Please see the references for more information.
MADWifi MADWifi 0.9.2
Solution:
The vendor released version 0.9.2.1 to address these issues. Please see the references for more information.
MADWifi MADWifi 0.9.2
-
MADWifi madwifi-0.9.2.1.tar
http://sourceforge.net/project/showfiles.php?group_id=82936&package_id =85233
References
MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
References:
References:
- MADWiFi Homepage (MADWiFi)
- MADWiFi Security Advisory (MADWiFi)