---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: MadWifi Denial of Service and Information Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA24670 VERIFY ADVISORY: http://secunia.com/advisories/24670/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS WHERE: >From remote SOFTWARE: MadWifi 0.x http://secunia.com/product/12842/ DESCRIPTION: Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious people to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service). 1) An error within the "ieee80211_input()" function when handling AUTH frames from IBSS nodes can be exploited to cause a kernel crash by sending specially crafted AUTH frames. Successful exploitation may require that the "Ad-Hoc" mode is used. 2) MadWifi does not correctly handle Channel Switch Announcements. This can be exploited to force a channel switch thus interrupting the communication by injecting a Channel Switch Announcement with "CS Count" set to 1 or less. 3) An error within ieee80211_output.c may cause unencrypted packets to be sent before the WPA authentication is completed. This can be exploited to gain knowledge of certain sensitive information, which may be leveraged for further attacks. The vulnerabilities are reported in versions prior to 0.9.3. SOLUTION: Update to version 0.9.3. PROVIDED AND/OR DISCOVERED BY: 1) kurth 2, 3) Reported by the vendor. ORIGINAL ADVISORY: http://madwifi.org/ticket/880 http://madwifi.org/ticket/963 http://madwifi.org/ticket/967 http://madwifi.org/wiki/Releases/0.9.3 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------