CVE-2007-2830

Related Files

Ubuntu Security Notice 479-1

Posted Jun 30, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 479-1 - Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. A flaw was discovered in the MadWifi driver that would allow unencrypted network traffic to be sent prior to finishing WPA authentication. A physically near-by attacker could capture this, leading to a loss of privacy, denial of service, or network spoofing. A flaw was discovered in the MadWifi driver's ioctl handling. A local attacker could read kernel memory, or crash the system, leading to a denial of service.

tags | advisory, denial of service, kernel, local, spoof

systems | linux, ubuntu

advisories | CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830, CVE-2006-7180, CVE-2007-2831

SHA-256 | 344a3da22f67f8247b5e7468372fb07f84115ab5a533a61eb8d0ae2979db1a75

Download | Favorite | View

Mandriva Linux Security Advisory 2007.132

Posted Jun 26, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The 802.11 network stack in MadWifi prior to 0.9.3.1 would allow remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. The ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow a remote attacker to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggered a divide-by-zero error. An array index error in MadWifi prior to 0.9.3.1 would allow a local user to cause a denial of service (system crash) and possibly obtain kerenl memory contents, as well as possibly allowing for the execution of arbitrary code via a large negative array index value.

tags | advisory, remote, denial of service, arbitrary, local

systems | linux, mandriva

advisories | CVE-2007-2829, CVE-2007-2830, CVE-2007-2831

SHA-256 | e3151b1a8b7c3b4faba9dcc5cca7cea93eb4811e33e429f43521e7260dd6f38c

Download | Favorite | View

Gentoo Linux Security Advisory 200706-4

Posted Jun 13, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-04 - Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions(CVE-207-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829). Versions less than 0.9.3.1 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2007-2829, CVE-2007-2830, CVE-2007-2831

SHA-256 | 50627889315c9caf9168c4cc142a7ffa47ce566ea0a95a5b252d572b605a3730

Download | Favorite | View