USN-479-1: MadWifi vulnerabilities

Ubuntu Security Notice USN-479-1

29th June, 2007

linux-restricted-modules-2.6.15/.17/.20 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06 LTS

Details

Multiple flaws in the MadWifi driver were discovered that could lead
to a system crash. A physically near-by attacker could generate
specially crafted wireless network traffic and cause a denial of
service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829,
CVE-2007-2830)

A flaw was discovered in the MadWifi driver that would allow unencrypted
network traffic to be sent prior to finishing WPA authentication.
A physically near-by attacker could capture this, leading to a loss of
privacy, denial of service, or network spoofing. (CVE-2006-7180)

A flaw was discovered in the MadWifi driver's ioctl handling. A local
attacker could read kernel memory, or crash the system, leading to a
denial of service. (CVE-2007-2831)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.04:: linux-restricted-modules-2.6.20-16-powerpc64-smp 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-386 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-lowlatency 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-sparc64-smp 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-sparc64 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-powerpc 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-generic 2.6.20.5-16.29; linux-restricted-modules-2.6.20-16-powerpc-smp 2.6.20.5-16.29
Ubuntu 6.10:: linux-restricted-modules-2.6.17-11-sparc64 2.6.17.8-11.2; linux-restricted-modules-2.6.17-11-sparc64-smp 2.6.17.8-11.2; linux-restricted-modules-2.6.17-11-powerpc64-smp 2.6.17.8-11.2; linux-restricted-modules-2.6.17-11-powerpc 2.6.17.8-11.2; linux-restricted-modules-2.6.17-11-generic 2.6.17.8-11.2; linux-restricted-modules-2.6.17-11-powerpc-smp 2.6.17.8-11.2; linux-restricted-modules-2.6.17-11-386 2.6.17.8-11.2
Ubuntu 6.06 LTS:: linux-restricted-modules-2.6.15-28-686 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-amd64-k8 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-amd64-xeon 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-k7 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-sparc64 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-sparc64-smp 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-powerpc-smp 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-amd64-generic 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-386 2.6.15.12-28.2; linux-restricted-modules-2.6.15-28-powerpc 2.6.15.12-28.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2006-7180, CVE-2007-2829, CVE-2007-2830, CVE-2007-2831