USN-479-1: MadWifi vulnerabilities

29 June 2007

linux-restricted-modules-2.6.15/.17/.20 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

Details

Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830)

A flaw was discovered in the MadWifi driver that would allow unencrypted network traffic to be sent prior to finishing WPA authentication. A physically near-by attacker could capture this, leading to a loss of privacy, denial of service, or network spoofing. (CVE-2006-7180)

A flaw was discovered in the MadWifi driver’s ioctl handling. A local attacker could read kernel memory, or crash the system, leading to a denial of service. (CVE-2007-2831)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
linux-restricted-modules-2.6.20-16-386 - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-generic - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-lowlatency - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-powerpc - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-powerpc-smp - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-powerpc64-smp - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-sparc64 - 2.6.20.5-16.29
linux-restricted-modules-2.6.20-16-sparc64-smp - 2.6.20.5-16.29
Ubuntu 6.10
linux-restricted-modules-2.6.17-11-386 - 2.6.17.8-11.2
linux-restricted-modules-2.6.17-11-generic - 2.6.17.8-11.2
linux-restricted-modules-2.6.17-11-powerpc - 2.6.17.8-11.2
linux-restricted-modules-2.6.17-11-powerpc-smp - 2.6.17.8-11.2
linux-restricted-modules-2.6.17-11-powerpc64-smp - 2.6.17.8-11.2
linux-restricted-modules-2.6.17-11-sparc64 - 2.6.17.8-11.2
linux-restricted-modules-2.6.17-11-sparc64-smp - 2.6.17.8-11.2
Ubuntu 6.06 LTS
linux-restricted-modules-2.6.15-28-386 - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-686 - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-amd64-generic - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-amd64-k8 - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-amd64-xeon - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-k7 - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-powerpc - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-powerpc-smp - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-sparc64 - 2.6.15.12-28.2
linux-restricted-modules-2.6.15-28-sparc64-smp - 2.6.15.12-28.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

References