Your submission was sent successfully! Close

CVE-2008-4395

Published: 6 November 2008

Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

From the Ubuntu security team

Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy Not vulnerable
(code not present)
intrepid
Released (2.6.27-7.16)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Not vulnerable
(code not present)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Not vulnerable
(code not present)
hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-ubuntu-modules-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy
Released (2.6.22-15.40)
hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-ubuntu-modules-2.6.24
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy
Released (2.6.24-21.33)
intrepid Does not exist

upstream Needs triage