From: Michael Renzmann <madwifi <at> nospam.otaku42.de>
Subject: HEADS UP: Security issue fixed in release 0.9.2.1 / r1842 - CVE-2006-6332
Newsgroups: gmane.linux.drivers.madwifi.user, gmane.linux.drivers.madwifi.devel
Date: 2006-12-07 16:02:08 GMT

Hi all.

As reported earlier by Julien Tinnes [1], a security issue has been
discovered by a group of researchers from France Telecom. The issue,
CVE-2006-6332 [2], is caused by a buffer overflow bug in some routines
that are used for scanning for Access Points. The bug can be triggered by
sending properly crafted 802.11 beacon and/or probe response frames, which
allows code to be injected and executed on the scanning hosts. In other
words: this issue is remotely exploitable.

This is a critical security flaw. From what we know so far, the bug has
been in trunk since r1504 (probably longer). This means that all previous
releases of MadWifi (0.9.0, 0.9.1 and 0.9.2) are affected.

In response to Julien's report we released v0.9.2.1 today (which is
similar to v0.9.2 plus the fix for CVE-2006-6332) and committed the same
fix to trunk in r1842. We recommend upgrading immediately.

The v0.9.2.1 tarball can be downloaded from sf.net [3]. A snapshot tarball
of r1842 is available as well [4].

The MadWifi team would like to thank Julien Tinnes, Laurent Butti and
Jerome Razniewski for their investigation, report and cooperation.

Bye, Mike

[1] http://article.gmane.org/gmane.linux.drivers.madwifi.user/11906
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
[3] http://sourceforge.net/project/showfiles.php?group_id=82936
[4] http://snapshots.madwifi.org/madwifi-ng/madwifi-ng-r1842-20061207.tar.gz
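
The announcement does not name the faulty routine or field, so the following added example (not MadWifi code and not part of the original message) shows only the general class of length check a scan path needs before copying a sender-controlled information element from a beacon or probe response into a fixed-size buffer. The `scan_entry` struct and `parse_beacon_body` function are hypothetical names, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BEACON_FIXED_LEN 12 /* timestamp(8) + beacon interval(2) + capability(2) */
#define SSID_MAX 32         /* longest SSID 802.11 allows */

struct scan_entry {         /* hypothetical scan-result record, not MadWifi's */
    uint8_t ssid[SSID_MAX];
    uint8_t ssid_len;
};

/* Walk the information elements of a beacon/probe response body (the bytes
 * after the MAC header). Returns 0 on success, -1 on a malformed frame. */
int parse_beacon_body(const uint8_t *body, size_t len, struct scan_entry *out)
{
    size_t off = BEACON_FIXED_LEN;
    memset(out, 0, sizeof(*out));
    if (len < BEACON_FIXED_LEN)
        return -1;
    while (off < len) {
        if (len - off < 2)
            return -1;              /* element header (id, length) truncated */
        uint8_t id = body[off], ie_len = body[off + 1];
        off += 2;
        if (ie_len > len - off)
            return -1;              /* claimed length runs past the frame end */
        if (id == 0) {              /* element ID 0 = SSID */
            if (ie_len > sizeof(out->ssid))
                return -1;          /* sender-chosen length exceeds fixed buffer */
            memcpy(out->ssid, body + off, ie_len);
            out->ssid_len = ie_len;
        }
        off += ie_len;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: zeroed fixed fields, then an SSID element of length 40. */
    uint8_t frame[BEACON_FIXED_LEN + 2 + 40] = {0};
    struct scan_entry e;
    frame[BEACON_FIXED_LEN + 1] = 40;
    printf("oversized SSID element -> %d\n", parse_beacon_body(frame, sizeof(frame), &e));
    return 0;
}
```

Both checks matter: the first keeps the parser inside the received frame, the second keeps the copy inside the destination buffer even when the element itself is fully present in the frame.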
