MadWifi: Denial of Service — GLSA 200711-09

MadWifi does not correctly process beacon frames which can lead to a remotely triggered Denial of Service.

Affected Packages

net-wireless/madwifi-ng on all architectures
Affected versions < 0.9.3.3
Unaffected versions >= 0.9.3.3

Background

The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards.

Description

Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large "length" value in the "xrates" element.

Impact

A remote attacker could act as an access point and send a specially crafted packet to an Atheros based wireless client, possibly resulting in a Denial of Service (kernel panic).

Workaround

There is no known workaround at this time.

Resolution

All MadWifi users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.3.3"

References

Release Date
November 07, 2007

Latest Revision
November 07, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries