MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
BID:23434
Info
MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
| Bugtraq ID: | 23434 |
| Class: | Unknown |
| CVE: |
CVE-2006-7180 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 11 2007 12:00AM |
| Updated: | Jul 24 2007 04:55AM |
| Credit: | The vendor reported these vulnerabilities. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE Linux Desktop 10 Pardus Linux 2007.1 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MADWifi MADWifi 0.9.2 MADWifi MADWifi 0.9.2.1 Gentoo net-wireless/madwifi-ng 0.9.2.1 Foresight Linux Foresight Linux 1.1 |
| Not Vulnerable: |
MADWifi MADWifi 0.9.3 Gentoo net-wireless/madwifi-ng 0.9.3 |
Discussion
MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
MADWiFi is prone to a denial-of-service vulnerability, an information-disclosure issue, and a packet-spoofing vulnerability. These issues occur because of a design error.
An attacker can exploit these issues to spoof network traffic, crash arbitrary processes, and gain access to sensitive information.
These issues affect versions prior to 0.9.3.
MADWiFi is prone to a denial-of-service vulnerability, an information-disclosure issue, and a packet-spoofing vulnerability. These issues occur because of a design error.
An attacker can exploit these issues to spoof network traffic, crash arbitrary processes, and gain access to sensitive information.
These issues affect versions prior to 0.9.3.
Exploit / POC
MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
To exploit these issues, attackers can use readily available networking tools.
To exploit these issues, attackers can use readily available networking tools.
Solution / Fix
MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
Solution:
The vendor has released version 0.9.3 to address this issue. Please see the references for more information.
MADWifi MADWifi 0.9.2.1
MADWifi MADWifi 0.9.2
Solution:
The vendor has released version 0.9.3 to address this issue. Please see the references for more information.
MADWifi MADWifi 0.9.2.1
-
MADWifi madwifi-0.9.3.tar.gz
http://downloads.sourceforge.net/madwifi/madwifi-0.9.3.tar.gz?modtime= 1174314363&big_mirror=0
MADWifi MADWifi 0.9.2
-
MADWifi madwifi-0.9.3.tar.gz
http://downloads.sourceforge.net/madwifi/madwifi-0.9.3.tar.gz?modtime= 1174314363&big_mirror=0 -
Mandriva madwifi-source-0.9.3-1.1mdv2007.0.noarch.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva madwifi-source-0.9.3-1.1mdv2007.0.noarch.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva madwifi-source-0.9.3-1.1mdv2007.1.noarch.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download -
Mandriva madwifi-source-0.9.3-1.1mdv2007.1.noarch.rpm
Mandriva Linux 2007.1:
http://www.mandriva.com/en/download -
Mandriva wpa_gui-0.5.5-2.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva wpa_gui-0.5.5-2.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva wpa_gui-0.5.7-1.1mdv2007.1.i586.rpm
Mandriva Linux 2007.1:
http://www.mandriva.com/en/download -
Mandriva wpa_gui-0.5.7-1.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download -
Mandriva wpa_supplicant-0.5.5-2.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva wpa_supplicant-0.5.5-2.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva wpa_supplicant-0.5.7-1.1mdv2007.1.i586.rpm
Mandriva Linux 2007.1:
http://www.mandriva.com/en/download -
Mandriva wpa_supplicant-0.5.7-1.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
References
MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
References:
References:
- MADWiFi Homepage (MADWiFi)
- MADWifi Release Notes 0.9.3 (MADWifi)