CVE-2008-4395

Published: 06 November 2008

Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

From the Ubuntu security team

Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-source-2.6.20
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-ubuntu-modules-2.6.22
Launchpad, Ubuntu, Debian
Upstream Needs triage

linux-ubuntu-modules-2.6.24
Launchpad, Ubuntu, Debian
Upstream Needs triage