Vulnerabilities > Madwifi

DATE | CVE | VULNERABILITY TITLE | RISK

2007-10-14 | CVE-2007-5448 | Improper Input Validation vulnerability in Madwifi | 4.3
Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c.
network; madwifi; CWE-20

2007-05-24 | CVE-2007-2831 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Madwifi | critical 10.0
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
network; low complexity; madwifi; CWE-119

2007-05-24 | CVE-2007-2830 | Denial of Service vulnerability in MadWifi | 5.0
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
network; low complexity; madwifi

2007-05-24 | CVE-2007-2829 | Denial of Service vulnerability in MadWifi | 5.0
The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.
network; low complexity; madwifi

2007-03-30 | CVE-2006-7180 | Multiple vulnerability in MADWiFi IEEE80211_Output.C Unencrypted Data Packet | 6.8
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.
network; madwifi

2007-03-30 | CVE-2006-7179 | Denial of Service vulnerability in MadWIFI Channel Switch Announcement Information Elements | 7.8
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.
network; low complexity; madwifi

2007-03-30 | CVE-2006-7178 | Remote Denial of Service vulnerability in MadWifi Auth Frame IBSS | 7.8
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
network; low complexity; madwifi

2007-03-30 | CVE-2006-7177 | Denial of Service vulnerability in Madwifi 0.9.2 | 7.8
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
network; low complexity; madwifi

2006-12-10 | CVE-2006-6332 | Remote Buffer Overflow vulnerability in Madwifi 0.9.2.1 | 7.5
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
network; low complexity; madwifi

2005-12-31 | CVE-2005-4835 | Denial-Of-Service vulnerability in MADWifi | 7.1
The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.
network; madwifi