[Madwifi-devel] HEADS UP: Security issue fixed in release 0.9.2.1 / r1842 - CVE-2006-6332
From: Michael R. <ma...@no...> - 2006-12-07 16:02:20
Hi all.

As reported earlier by Julien Tinnes [1], a security issue has been discovered by a group of researchers from France Telecom. The issue, CVE-2006-6332 [2], is caused by a buffer overflow bug in some routines that are used for scanning for Access Points. The bug can be triggered by sending properly crafted 802.11 beacon and/or probe response frames, which allows code to be injected and executed on the scanning hosts. In other words: this issue is remotely exploitable.

This is a critical security flaw. From what we know so far, the bug has been in trunk since r1504 (probably longer). This means that all previous releases of MadWifi (0.9.0, 0.9.1 and 0.9.2) are affected.

In response to Julien's report we released v0.9.2.1 today (which is similar to v0.9.2 plus the fix for CVE-2006-6332) and committed the same fix to trunk in r1842.

We recommend upgrading immediately. The v0.9.2.1 tarball can be downloaded from sf.net [3]. A snapshot tarball of r1842 is available as well [4].

The MadWifi team would like to thank Julien Tinnes, Laurent Butti and Jerome Razniewski for their investigation, report and cooperation.

Bye, Mike

[1] http://article.gmane.org/gmane.linux.drivers.madwifi.user/11906
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
[3] http://sourceforge.net/project/showfiles.php?group_id=82936
[4] http://snapshots.madwifi.org/madwifi-ng/madwifi-ng-r1842-20061207.tar.gz