sdkp1-madwifiSecurity update for madwifiSecurity update for madwifiThe madwifi driver and userland packages were updated to
0.9.3.1. Please note that while the RPM version still says
"0.9.3", the content is the 0.9.3.1 version.
This updates fixes following security problems:
CVE-2007-2829: The 802.11 network stack in
net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows
remote attackers to cause a denial of service (system hang)
via a crafted length field in nested 802.3 Ethernet frames
in Fast Frame packets, which results in a NULL pointer
dereference.
CVE-2007-2830: The ath_beacon_config function in if_ath.c
in MadWifi before 0.9.3.1 allows remote attackers to cause
a denial of service (system crash) via crafted beacon
interval information when scanning for access points, which
triggers a divide-by-zero error.
CVE-2007-2831: Array index error in the (1)
ieee80211_ioctl_getwmmparams and (2)
ieee80211_ioctl_setwmmparams functions in
net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1
allows local users to cause a denial of service (system
crash), possibly obtain kernel memory contents, and
possibly execute arbitrary code via a large negative array
index value.
"remote attackers" are attackers within range of the WiFi
reception of the card.
Please note that the problems fixed in 0.9.3 were fixed by
the madwifi Version upgrade to 0.9.3 in SLE10 Service Pack
1. (CVE-2005-4835, CVE-2006-7177, CVE-2006-7178,
CVE-2006-7179, CVE-2006-7180).
The madwifi driver and userland packages were updated to
0.9.3.1. Please note that while the RPM version still says
"0.9.3", the content is the 0.9.3.1 version.
This updates fixes following security problems:
CVE-2007-2829: The 802.11 network stack in
net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows
remote attackers to cause a denial of service (system hang)
via a crafted length field in nested 802.3 Ethernet frames
in Fast Frame packets, which results in a NULL pointer
dereference.
CVE-2007-2830: The ath_beacon_config function in if_ath.c
in MadWifi before 0.9.3.1 allows remote attackers to cause
a denial of service (system crash) via crafted beacon
interval information when scanning for access points, which
triggers a divide-by-zero error.
CVE-2007-2831: Array index error in the (1)
ieee80211_ioctl_getwmmparams and (2)
ieee80211_ioctl_setwmmparams functions in
net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1
allows local users to cause a denial of service (system
crash), possibly obtain kernel memory contents, and
possibly execute arbitrary code via a large negative array
index value.
"remote attackers" are attackers within range of the WiFi
reception of the card.
Please note that the problems fixed in 0.9.3 were fixed by
the madwifi Version upgrade to 0.9.3 in SLE10 Service Pack
1. (CVE-2005-4835, CVE-2006-7177, CVE-2006-7178,
CVE-2006-7179, CVE-2006-7180).
securitymadwifii58687c7faab379571650685c6b10636ff804b516bf7madwifi-develi586d2c98edf7c912abde83f89a012f03bdf2cb5f9d2