CVE-2006-7177

Related Files

Ubuntu Security Notice 479-1

Posted Jun 30, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 479-1 - Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. A flaw was discovered in the MadWifi driver that would allow unencrypted network traffic to be sent prior to finishing WPA authentication. A physically near-by attacker could capture this, leading to a loss of privacy, denial of service, or network spoofing. A flaw was discovered in the MadWifi driver's ioctl handling. A local attacker could read kernel memory, or crash the system, leading to a denial of service.

tags | advisory, denial of service, kernel, local, spoof

systems | linux, ubuntu

advisories | CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830, CVE-2006-7180, CVE-2007-2831

SHA-256 | 344a3da22f67f8247b5e7468372fb07f84115ab5a533a61eb8d0ae2979db1a75

Download | Favorite | View

Mandriva Linux Security Advisory 2007.082

Posted Apr 12, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to packets coming from a malicious WinXP system. MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.

tags | advisory, remote, denial of service, kernel, spoof

systems | linux, windows, mandriva

advisories | CVE-2006-7180, CVE-2006-7179, CVE-2006-7178, CVE-2006-7177, CVE-2005-4835

SHA-256 | d819604c28dc137922d0e22722103ca0a1a6966047e38f7ad6a9086dd9a696a4

Download | Favorite | View