USN-479-1: MadWifi vulnerabilities

29 June 2007

MadWifi vulnerabilities

Releases

Details

Multiple flaws in the MadWifi driver were discovered that could lead
to a system crash. A physically near-by attacker could generate
specially crafted wireless network traffic and cause a denial of
service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,
CVE-2007-2830)

A flaw was discovered in the MadWifi driver that would allow unencrypted
network traffic to be sent prior to finishing WPA authentication.
A physically near-by attacker could capture this, leading to a loss of
privacy, denial of service, or network spoofing. (CVE-2006-7180)

A flaw was discovered in the MadWifi driver's ioctl handling. A local
attacker could read kernel memory, or crash the system, leading to a
denial of service. (CVE-2007-2831)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
  • linux-restricted-modules-2.6.20-16-powerpc64-smp - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-386 - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-lowlatency - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-sparc64-smp - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-sparc64 - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-powerpc - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-generic - 2.6.20.5-16.29
  • linux-restricted-modules-2.6.20-16-powerpc-smp - 2.6.20.5-16.29
Ubuntu 6.10
  • linux-restricted-modules-2.6.17-11-sparc64 - 2.6.17.8-11.2
  • linux-restricted-modules-2.6.17-11-sparc64-smp - 2.6.17.8-11.2
  • linux-restricted-modules-2.6.17-11-powerpc64-smp - 2.6.17.8-11.2
  • linux-restricted-modules-2.6.17-11-powerpc - 2.6.17.8-11.2
  • linux-restricted-modules-2.6.17-11-generic - 2.6.17.8-11.2
  • linux-restricted-modules-2.6.17-11-powerpc-smp - 2.6.17.8-11.2
  • linux-restricted-modules-2.6.17-11-386 - 2.6.17.8-11.2
Ubuntu 6.06
  • linux-restricted-modules-2.6.15-28-686 - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-amd64-k8 - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-amd64-xeon - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-k7 - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-sparc64 - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-sparc64-smp - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-powerpc-smp - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-amd64-generic - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-386 - 2.6.15.12-28.2
  • linux-restricted-modules-2.6.15-28-powerpc - 2.6.15.12-28.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.