CVE-2007-5448

Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=195705
http://madwifi.org/changeset/2736	Patch
http://secunia.com/advisories/27197	Patch Vendor Advisory
http://secunia.com/advisories/27541
http://secunia.com/advisories/28431
http://securityreason.com/securityalert/3225
http://www.gentoo.org/security/en/glsa/glsa-200711-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:007
http://www.sec-consult.com/298.html
http://www.securityfocus.com/archive/1/482168/100/0/threaded
http://www.securityfocus.com/bid/26052
http://www.vupen.com/english/advisories/2007/3493
https://exchange.xforce.ibmcloud.com/vulnerabilities/37182

Configurations

Configuration 1 (hide)

cpe:2.3:a:madwifi:madwifi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-10-14 18:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-5448

Mitre link : CVE-2007-5448

CVE.ORG link : CVE-2007-5448

JSON object : View

Products Affected

madwifi

madwifi

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2007-5448", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-14T18:17:00.000", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=195705", "source": "cve@mitre.org"}, {"url": "http://madwifi.org/changeset/2736", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27197", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27541", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28431", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3225", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-09.xml", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:007", "source": "cve@mitre.org"}, {"url": "http://www.sec-consult.com/298.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/482168/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26052", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3493", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37182", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c."}, {"lang": "es", "value": "Madwifi 0.9.3.2 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e1nico) mediante una trama de baliza con una valor de longitud largo en el elemento extended supported rates (xrates). que dispara una error de aserci\u00f3n, relativo a net80211/ieee80211_scan_ap.c y net80211/ieee80211_scan_sta.c."}], "lastModified": "2018-10-15T21:44:54.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:madwifi:madwifi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "817F054B-BF7F-4B2E-B2BF-E58D67A3B101", "versionEndIncluding": "0.9.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}