Re: Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
Faidon Liambotis wrote:
> Luk Claes wrote:
>>> CVE-2007-5448[0]:
>>> | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial
>>> | of service (panic) via a beacon frame with a large length value in the
>>> | extended supported rates (xrates) element, which triggers an assertion
>>> | error, related to net80211/ieee80211_scan_ap.c and
>>> | net80211/ieee80211_scan_sta.c.
>>>
>>> If you fix this vulnerability please also include the CVE id
>>> in your changelog entry.
>>>
>>> This is fixed in upstream svn on:
>>> http://madwifi.org/changeset/2736
>>>
>>> For further information:
>>> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448
>> Can you please upload a fixed package to stable?
> This is remotely exploitable over the air -- an attacker could send a
> specially crafted packet with his wireless device and crash all affected
> systems literally around him. Imagine exploiting this e.g. on a DebConf.
>
> IMHO (I'm not a maintainer) this should be fixed ASAP in stable-security
> and the DSA should include that manual action is required to actually
> fix this (rebuilding and reloading the kernel modules).
non-free is not supported by the security team, that's why I ask the
maintainer to upload it...
Cheers
Luk
Reply to: