Vulnerabilities > CVE-2006-7178 - Remote Denial of Service vulnerability in MadWifi Auth Frame IBSS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200704-15.NASL description The remote host is affected by the vulnerability described in GLSA-200704-15 (MadWifi: Multiple vulnerabilities) The driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211_input() function does not properly handle AUTH frames and the driver sends unencrypted packets before WPA authentication succeeds. Impact : A remote attacker could send specially crafted AUTH frames to the vulnerable host, resulting in a Denial of Service by crashing the kernel. A remote attacker could gain access to sensitive information about network architecture by sniffing unencrypted packets. A remote attacker could also send a Channel Switch Count less than or equal to one to trigger a channel change, resulting in a communication loss and a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25060 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25060 title GLSA-200704-15 : MadWifi: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200704-15. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(25060); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2006-7178", "CVE-2006-7179", "CVE-2006-7180"); script_xref(name:"GLSA", value:"200704-15"); script_name(english:"GLSA-200704-15 : MadWifi: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200704-15 (MadWifi: Multiple vulnerabilities) The driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211_input() function does not properly handle AUTH frames and the driver sends unencrypted packets before WPA authentication succeeds. Impact : A remote attacker could send specially crafted AUTH frames to the vulnerable host, resulting in a Denial of Service by crashing the kernel. A remote attacker could gain access to sensitive information about network architecture by sniffing unencrypted packets. A remote attacker could also send a Channel Switch Count less than or equal to one to trigger a channel change, resulting in a communication loss and a Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200704-15" ); script_set_attribute( attribute:"solution", value: "All MadWifi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-wireless/madwifi-ng-0.9.3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:madwifi-ng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/19"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-wireless/madwifi-ng", unaffected:make_list("ge 0.9.3"), vulnerable:make_list("lt 0.9.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MadWifi"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-479-1.NASL description Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830) A flaw was discovered in the MadWifi driver that would allow unencrypted network traffic to be sent prior to finishing WPA authentication. A physically near-by attacker could capture this, leading to a loss of privacy, denial of service, or network spoofing. (CVE-2006-7180) A flaw was discovered in the MadWifi driver last seen 2020-06-01 modified 2020-06-02 plugin id 28080 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28080 title Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-479-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28080); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7179", "CVE-2006-7180", "CVE-2007-2829", "CVE-2007-2830", "CVE-2007-2831"); script_xref(name:"USN", value:"479-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830) A flaw was discovered in the MadWifi driver that would allow unencrypted network traffic to be sent prior to finishing WPA authentication. A physically near-by attacker could capture this, leading to a loss of privacy, denial of service, or network spoofing. (CVE-2006-7180) A flaw was discovered in the MadWifi driver's ioctl handling. A local attacker could read kernel memory, or crash the system, leading to a denial of service. (CVE-2007-2831). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/479-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.17-11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.20-16"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.17-11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.20-16"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vmware-server-kernel-modules-2.6.20-16"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vmware-tools-kernel-modules-2.6.20-16"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/29"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7179", "CVE-2006-7180", "CVE-2007-2829", "CVE-2007-2830", "CVE-2007-2831"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-479-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware-2.6.15-28", pkgver:"3.11+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-kernel-source", pkgver:"3.11+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"fglrx-control", pkgver:"8.25.18+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"fglrx-kernel-source", pkgver:"8.25.18+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-28-386", pkgver:"2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-28-686", pkgver:"2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-28-amd64-generic", pkgver:"2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-28-amd64-k8", pkgver:"2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-28-amd64-xeon", pkgver:"2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-common", pkgver:"2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx", pkgver:"1.0.8776+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-dev", pkgver:"1.0.8776+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy", pkgver:"1.0.7174+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy-dev", pkgver:"1.0.7174+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-kernel-source", pkgver:"1.0.8776+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7174+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx", pkgver:"7.0.0-8.25.18+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx-dev", pkgver:"7.0.0-8.25.18+2.6.15.12-28.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"avm-fritz-firmware-2.6.17-11", pkgver:"3.11+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"avm-fritz-kernel-source", pkgver:"3.11+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"fglrx-control", pkgver:"8.28.8+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"fglrx-kernel-source", pkgver:"8.28.8+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-restricted-modules-2.6.17-11-386", pkgver:"2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-restricted-modules-2.6.17-11-generic", pkgver:"2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-restricted-modules-common", pkgver:"2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"nvidia-glx", pkgver:"1.0.8776+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"nvidia-glx-dev", pkgver:"1.0.8776+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"nvidia-glx-legacy", pkgver:"1.0.7184+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"nvidia-glx-legacy-dev", pkgver:"1.0.7184+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"nvidia-kernel-source", pkgver:"1.0.8776+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7184+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"vmware-player-kernel-modules-2.6.17-11", pkgver:"2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"xorg-driver-fglrx", pkgver:"7.1.0-8.28.8+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"xorg-driver-fglrx-dev", pkgver:"7.1.0-8.28.8+2.6.17.8-11.2")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"avm-fritz-firmware-2.6.20-16", pkgver:"3.11+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"avm-fritz-kernel-source", pkgver:"3.11+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"fglrx-control", pkgver:"8.34.8+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"fglrx-kernel-source", pkgver:"8.34.8+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-restricted-modules-2.6.20-16-386", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-restricted-modules-2.6.20-16-generic", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-restricted-modules-2.6.20-16-lowlatency", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-restricted-modules-common", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-glx", pkgver:"1.0.9631+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-glx-dev", pkgver:"1.0.9631+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-glx-legacy", pkgver:"1.0.7184+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-glx-legacy-dev", pkgver:"1.0.7184+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-glx-new", pkgver:"1.0.9755+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-glx-new-dev", pkgver:"1.0.9755+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-kernel-source", pkgver:"1.0.9631+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7184+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"nvidia-new-kernel-source", pkgver:"1.0.9755+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"vmware-player-kernel-modules-2.6.20-16", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"vmware-server-kernel-modules-2.6.20-16", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"vmware-tools-kernel-modules-2.6.20-16", pkgver:"2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xorg-driver-fglrx", pkgver:"7.1.0-8.34.8+2.6.20.5-16.29")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xorg-driver-fglrx-dev", pkgver:"7.1.0-8.34.8+2.6.20.5-16.29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avm-fritz-firmware-2.6.15-28 / avm-fritz-firmware-2.6.17-11 / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-082.NASL description The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. (CVE-2005-4835) MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to packets coming from a malicious WinXP system. (CVE-2006-7177) MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. (CVE-2006-7178) ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. (CVE-2006-7179) ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. (CVE-2006-7180) Updated packages have been updated to 0.9.3 to correct this issue. Wpa_supplicant is built using madwifi-source and has been rebuilt using 0.9.3 source. last seen 2020-06-01 modified 2020-06-02 plugin id 25033 published 2007-04-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25033 title Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:082) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:082. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(25033); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2005-4835", "CVE-2006-7177", "CVE-2006-7178", "CVE-2006-7179", "CVE-2006-7180"); script_xref(name:"MDKSA", value:"2007:082"); script_name(english:"Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:082)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. (CVE-2005-4835) MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to packets coming from a malicious WinXP system. (CVE-2006-7177) MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. (CVE-2006-7178) ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. (CVE-2006-7179) ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. (CVE-2006-7180) Updated packages have been updated to 0.9.3 to correct this issue. Wpa_supplicant is built using madwifi-source and has been rebuilt using 0.9.3 source." ); script_set_attribute( attribute:"solution", value: "Update the affected madwifi-source, wpa_gui and / or wpa_supplicant packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:madwifi-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wpa_gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wpa_supplicant"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"madwifi-source-0.9.3-1.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"wpa_gui-0.5.5-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"wpa_supplicant-0.5.5-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"madwifi-source-0.9.3-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"wpa_gui-0.5.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"wpa_supplicant-0.5.7-1.1mdv2007.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_MADWIFI-3897.NASL description The madwifi driver and userland packages were updated to 0.9.3.1. Please note that while the RPM version still says last seen 2020-06-01 modified 2020-06-02 plugin id 29517 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29517 title SuSE 10 Security Update : madwifi (ZYPP Patch Number 3897)
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-04-17 |
| organization | Red Hat |
| statement | Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- http://madwifi.org/ticket/880
- http://madwifi.org/wiki/Releases/0.9.3
- http://secunia.com/advisories/24670
- http://secunia.com/advisories/24841
- http://secunia.com/advisories/24931
- http://secunia.com/advisories/25861
- http://secunia.com/advisories/26083
- http://security.gentoo.org/glsa/glsa-200704-15.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:082
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://www.securityfocus.com/archive/1/466689/30/6900/threaded
- http://www.securityfocus.com/bid/23431
- http://www.ubuntu.com/usn/usn-479-1
- http://www.vupen.com/english/advisories/2007/1187