A buffer overflow vulnerability exists in the Madwifi wireless driver. If successfully exploited, an attacker may be able to execute arbitrary code, or cause a denial-of-service condition.
The Madwifi driver is a Linux kernel device driver for Atheros-based 802.11 a/b/g compatible wireless LAN adapters. Linux distributions may include the Madwifi driver in their default installation, or as an optional package. Commercial access points and networking equipment may also use the Madwifi driver.
A buffer overflow vulnerability has been discovered in the Madwifi driver. This overflow occurs because the driver does not properly process the information element part of probe response management frames. An attacker within radio range may be able to trigger the overflow by sending a specially-crafted 802.11 management frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted or authenticated, using wireless encryption (WEP/WPA) does not mitigate this vulnerability.
A remote, unauthenticated attacker within 802.11 radio range may be able to execute arbitrary code with kernel privileges, or cause a denial-of-service condition.
Gentoo Linux Affected
Novell, Inc. Affected
Debian GNU/Linux Not Affected
Fedora Project Not Affected
Openwall GNU/*/Linux Not Affected
Red Hat, Inc. Not Affected
Conectiva Inc. Unknown
Engarde Secure Linux Unknown
Hewlett-Packard Company Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Immunix Communications, Inc. Unknown
Ingrian Networks, Inc. Unknown
Mandriva, Inc. Unknown
MontaVista Software, Inc. Unknown
SUSE Linux Unknown
Slackware Linux Inc. Unknown
Sun Microsystems, Inc. Unknown
The SCO Group Unknown
Trustix Secure Linux Unknown
Thanks to the Madwifi Team for providing information about this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:
|Date Last Updated:
|2007-01-10 16:44 UTC