Vulnerabilities > Madwifi
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-14 | CVE-2007-5448 | Improper Input Validation vulnerability in Madwifi Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. | 4.3 |
2007-05-24 | CVE-2007-2831 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Madwifi Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. | 10.0 |
2007-05-24 | CVE-2007-2830 | Denial of Service vulnerability in MadWifi The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. | 5.0 |
2007-05-24 | CVE-2007-2829 | Denial of Service vulnerability in MadWifi The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | 5.0 |
2007-03-30 | CVE-2006-7180 | Multiple vulnerability in MADWiFi IEEE80211_Output.C Unencrypted Data Packet ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. network madwifi | 6.8 |
2007-03-30 | CVE-2006-7179 | Denial of Service vulnerability in MadWIFI Channel Switch Announcement Information Elements ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. | 7.8 |
2007-03-30 | CVE-2006-7178 | Remote Denial of Service vulnerability in MadWifi Auth Frame IBSS MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. | 7.8 |
2007-03-30 | CVE-2006-7177 | Denial of Service vulnerability in Madwifi 0.9.2 MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." | 7.8 |
2006-12-10 | CVE-2006-6332 | Remote Buffer Overflow vulnerability in Madwifi 0.9.2.1 Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions. | 7.5 |
2005-12-31 | CVE-2005-4835 | Denial-Of-Service vulnerability in MADWifi The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. network madwifi | 7.1 |