CVE-2005-4835
CVSS7.1
发布时间 :2005-12-31 00:00:00
修订时间 :2008-09-10 15:54:31
NMCOP    

[原文]The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.


[CNNVD]MadWifi ath_rate/sample/sample.c 拒绝服务攻击漏洞(CNNVD-200512-647)

        MadWifi的0.9.3之前版本的ath_rate/sample/sample.c示例代码中的ath_rate_sample函数使得远程攻击者可通过将连接的系统移动到一个低信号量的位置,并可能通过与在启用接口和包传输之间的竞态条件相关的其他向量,来发起拒绝服务攻击(KASSERT失败或系统崩溃)。

- CVSS (基础分值)

CVSS分值: 7.1 [严重(HIGH)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:madwifi:madwifi:0.9.2.1
cpe:/a:madwifi:madwifi:0.9.1
cpe:/a:madwifi:madwifi:0.9.2
cpe:/a:madwifi:madwifi:0.9.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4835
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4835
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-647
(官方数据源) CNNVD

- 其它链接及资源

http://madwifi.org/wiki/Releases/0.9.3
(PATCH)  CONFIRM  http://madwifi.org/wiki/Releases/0.9.3
http://madwifi.org/ticket/287
(UNKNOWN)  CONFIRM  http://madwifi.org/ticket/287
http://madwifi.org/ticket/279
(UNKNOWN)  MISC  http://madwifi.org/ticket/279
http://madwifi.org/ticket/162
(UNKNOWN)  MISC  http://madwifi.org/ticket/162
http://www.novell.com/linux/security/advisories/2007_14_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2007:014
http://www.mandriva.com/security/advisories?name=MDKSA-2007:082
(UNKNOWN)  MANDRIVA  MDKSA-2007:082
http://secunia.com/advisories/26083
(UNKNOWN)  SECUNIA  26083
http://secunia.com/advisories/24841
(UNKNOWN)  SECUNIA  24841

- 漏洞信息

MadWifi ath_rate/sample/sample.c 拒绝服务攻击漏洞
高危 未知
2005-12-31 00:00:00 2007-04-10 00:00:00
远程  
        MadWifi的0.9.3之前版本的ath_rate/sample/sample.c示例代码中的ath_rate_sample函数使得远程攻击者可通过将连接的系统移动到一个低信号量的位置,并可能通过与在启用接口和包传输之间的竞态条件相关的其他向量,来发起拒绝服务攻击(KASSERT失败或系统崩溃)。

- 公告与补丁

        

- 漏洞信息 (F55883)

Mandriva Linux Security Advisory 2007.082 (PacketStormID:F55883)
2007-04-12 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,kernel,spoof
linux,windows,mandriva
CVE-2006-7180,CVE-2006-7179,CVE-2006-7178,CVE-2006-7177,CVE-2005-4835
[点击下载]

Mandriva Linux Security Advisory - The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to packets coming from a malicious WinXP system. MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:082
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : madwifi-source
 Date    : April 11, 2007
 Affected: 2007.0, 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 The ath_rate_sample function in the ath_rate/sample/sample.c sample
 code in MadWifi before 0.9.3 allows remote attackers to cause a denial
 of service (failed KASSERT and system crash) by moving a connected
 system to a location with low signal strength, and possibly other
 vectors related to a race condition between interface enabling and
 packet transmission. (CVE-2005-4835)
 
 MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause
 a denial of service (system crash) via unspecified vectors that lead
 to a kernel panic in the ieee80211_input function, related to packets
 coming from a malicious WinXP system. (CVE-2006-7177)
 
 MadWifi before 0.9.3 does not properly handle reception of an AUTH
 frame by an IBSS node, which allows remote attackers to cause a denial
 of service (system crash) via a certain AUTH frame. (CVE-2006-7178)
 
 ieee80211_input.c in MadWifi before 0.9.3 does not properly process
 Channel Switch Announcement Information Elements (CSA IEs), which
 allows remote attackers to cause a denial of service (loss of
 communication) via a Channel Switch Count less than or equal to one,
 triggering a channel change. (CVE-2006-7179)
 
 ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets
 before WPA authentication succeeds, which allows remote attackers
 to obtain sensitive information (related to network structure),
 and possibly cause a denial of service (disrupted authentication)
 and conduct spoofing attacks. (CVE-2006-7180)
 
 Updated packages have been updated to 0.9.3 to correct this
 issue. Wpa_supplicant is built using madwifi-source and has been
 rebuilt using 0.9.3 source.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4835
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7177
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 d7cbe028e271f0f8d774905558e74fdc  2007.0/i586/madwifi-source-0.9.3-1.1mdv2007.0.noarch.rpm
 904a90761313b1cc56d6a0ff0d477ad7  2007.0/i586/wpa_gui-0.5.5-2.1mdv2007.0.i586.rpm
 052bfcc81003cc8b6656434e4611a521  2007.0/i586/wpa_supplicant-0.5.5-2.1mdv2007.0.i586.rpm 
 aaec8f2686274bd944a2a0932180a91d  2007.0/SRPMS/madwifi-source-0.9.3-1.1mdv2007.0.src.rpm
 8b9dad3443aab464e3f32bdf6e5e4ab6  2007.0/SRPMS/wpa_supplicant-0.5.5-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 d7cbe028e271f0f8d774905558e74fdc  2007.0/x86_64/madwifi-source-0.9.3-1.1mdv2007.0.noarch.rpm
 286aebce2515abdf2ce786d568ca561a  2007.0/x86_64/wpa_gui-0.5.5-2.1mdv2007.0.x86_64.rpm
 b65aa19f1f3f3e54fe1417e01efa0618  2007.0/x86_64/wpa_supplicant-0.5.5-2.1mdv2007.0.x86_64.rpm 
 aaec8f2686274bd944a2a0932180a91d  2007.0/SRPMS/madwifi-source-0.9.3-1.1mdv2007.0.src.rpm
 8b9dad3443aab464e3f32bdf6e5e4ab6  2007.0/SRPMS/wpa_supplicant-0.5.5-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 b1516928d8a7912697ed745a4c7d7e92  2007.1/i586/madwifi-source-0.9.3-1.1mdv2007.1.noarch.rpm
 f8f1afbd019cee7198980cea27f51888  2007.1/i586/wpa_gui-0.5.7-1.1mdv2007.1.i586.rpm
 1b6c006280fc9e489367a33277aedec2  2007.1/i586/wpa_supplicant-0.5.7-1.1mdv2007.1.i586.rpm 
 5cfe8a50972bc71713aeec6e3fd16477  2007.1/SRPMS/madwifi-source-0.9.3-1.1mdv2007.1.src.rpm
 39d7ca78f1476cf4cc1e9424b839687d  2007.1/SRPMS/wpa_supplicant-0.5.7-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 b1516928d8a7912697ed745a4c7d7e92  2007.1/x86_64/madwifi-source-0.9.3-1.1mdv2007.1.noarch.rpm
 f2d503a7c9c75a2e7a893bf9ac21b67d  2007.1/x86_64/wpa_gui-0.5.7-1.1mdv2007.1.x86_64.rpm
 cab5de7a034f25e3a1135ebb4baf540a  2007.1/x86_64/wpa_supplicant-0.5.7-1.1mdv2007.1.x86_64.rpm 
 5cfe8a50972bc71713aeec6e3fd16477  2007.1/SRPMS/madwifi-source-0.9.3-1.1mdv2007.1.src.rpm
 39d7ca78f1476cf4cc1e9424b839687d  2007.1/SRPMS/wpa_supplicant-0.5.7-1.1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGHRSNmqjQ0CJFipgRAoOfAKCwL3PuyA6pn7TajcGWdw9CXsMa9gCgzYCU
aE8Jb5USVvOtH22MRTS+G3o=
=KFwZ
-----END PGP SIGNATURE-----

    

- 漏洞信息

43551
MadWifi ath_rate/sample/sample.c ath_rate_sample Function Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2005-11-18 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站