lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070109195402.GH7935@outflux.net>
Date: Tue, 9 Jan 2007 11:54:03 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-404-1] MadWifi vulnerability

=========================================================== 
Ubuntu Security Notice USN-404-1           January 09, 2007
linux-restricted-modules-2.6.17 vulnerability
CVE-2006-6332
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  linux-restricted-modules-2.6.17-10-386            2.6.17.7-10.1
  linux-restricted-modules-2.6.17-10-generic        2.6.17.7-10.1
  linux-restricted-modules-2.6.17-10-powerpc        2.6.17.7-10.1
  linux-restricted-modules-2.6.17-10-powerpc-smp    2.6.17.7-10.1
  linux-restricted-modules-2.6.17-10-powerpc64-smp  2.6.17.7-10.1
  linux-restricted-modules-2.6.17-10-sparc64        2.6.17.7-10.1
  linux-restricted-modules-2.6.17-10-sparc64-smp    2.6.17.7-10.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the 
MadWifi wireless driver did not correctly check packet contents when 
receiving scan replies.  A remote attacker could send a specially 
crafted packet and execute arbitrary code with root privileges.


Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17_2.6.17.7-10.1.diff.gz
      Size/MD5:    91232 214d9eb16acbaf284a8f82c11bd5d8b3
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17_2.6.17.7-10.1.dsc
      Size/MD5:     2615 0901f5c273c79ec85bf56572899e335a
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17_2.6.17.7.orig.tar.gz
      Size/MD5: 94289230 283efe66f46b478dea207dac92b7e4e2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-common_2.6.17.7-10.1_all.deb
      Size/MD5:    20046 fc9e08b82d203697e6edeb174e014d56

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/avm-fritz-firmware-2.6.17-10_3.11+2.6.17.7-10.1_amd64.deb
      Size/MD5:   476644 7dba162a9ea3618779d49ea813b39e63
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/avm-fritz-kernel-source_3.11+2.6.17.7-10.1_amd64.deb
      Size/MD5:  2128978 ddc1bc92aad390084f44851eba7f8f13
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/fglrx-control_8.28.8+2.6.17.7-10.1_amd64.deb
      Size/MD5:    77440 eb2d37f10a80e8e60cc4764e3e0830b9
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/fglrx-kernel-source_8.28.8+2.6.17.7-10.1_amd64.deb
      Size/MD5:   547416 df147ff036fc1778579e31c65ceee8b4
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-generic_2.6.17.7-10.1_amd64.deb
      Size/MD5:  6652168 5ab3b414242000d991cfdd26fe0ca790
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nic-restricted-firmware-2.6.17-10-generic-di_2.6.17.7-10.1_amd64.udeb
      Size/MD5:   965684 9e8cc8f48186cdba5062946036503c0e
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nic-restricted-modules-2.6.17-10-generic-di_2.6.17.7-10.1_amd64.udeb
      Size/MD5:   319162 ca1b9585da5679f8244355249b0478e9
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nvidia-glx-dev_1.0.8776+2.6.17.7-10.1_amd64.deb
      Size/MD5:   168346 e820ff635b29d1aeaecc773c12f3ee72
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-glx-legacy-dev_1.0.7184+2.6.17.7-10.1_amd64.deb
      Size/MD5:   162282 cef82a40001c27a3327c840580f5cb52
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-glx-legacy_1.0.7184+2.6.17.7-10.1_amd64.deb
      Size/MD5:  6082192 ff3111d4c7ed1fc6c6b4c35867d9430a
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nvidia-glx_1.0.8776+2.6.17.7-10.1_amd64.deb
      Size/MD5:  7330456 4c2e0fdc8bd60681f60474ddf26061d6
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-kernel-source_1.0.8776+2.6.17.7-10.1_amd64.deb
      Size/MD5:  1755814 ac114a0980fafa0cf57c0756d9fd9527
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-legacy-kernel-source_1.0.7184+2.6.17.7-10.1_amd64.deb
      Size/MD5:  1383436 f67a1ee6614974b13237733b78645c62
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/vmware-player-kernel-modules-2.6.17-10_2.6.17.7-10.1_amd64.deb
      Size/MD5:    94004 552f5d8fc06e9aa59576da7b67f8131a
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/xorg-driver-fglrx-dev_7.1.0-8.28.8+2.6.17.7-10.1_amd64.deb
      Size/MD5:   133420 fb954d2e41883f01bba5509520c3b9ad
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/xorg-driver-fglrx_7.1.0-8.28.8+2.6.17.7-10.1_amd64.deb
      Size/MD5: 16016566 ce33b64f6c5a9cd475ee1a18c9b53960

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/avm-fritz-firmware-2.6.17-10_3.11+2.6.17.7-10.1_i386.deb
      Size/MD5:  1206196 12521a61773333c13508bfd7beaac419
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/avm-fritz-kernel-source_3.11+2.6.17.7-10.1_i386.deb
      Size/MD5:  3426548 5c9430474ff8d62c3c25afb71e8d79b3
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/fglrx-control_8.28.8+2.6.17.7-10.1_i386.deb
      Size/MD5:    74754 afb132196c1c7866b4cb99a3ba8732ed
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/fglrx-kernel-source_8.28.8+2.6.17.7-10.1_i386.deb
      Size/MD5:   701646 7c4134ee10d0d7437524b1ead048ecc4
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-386_2.6.17.7-10.1_i386.deb
      Size/MD5:  7886310 f26bb6b9bae14b9852045a5ab0ac58af
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-generic_2.6.17.7-10.1_i386.deb
      Size/MD5:  7681780 8557d4dada52b5599601ab350d4be024
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nic-restricted-firmware-2.6.17-10-386-di_2.6.17.7-10.1_i386.udeb
      Size/MD5:   965576 de0a40c398b3d48e90ff6585d02141a4
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nic-restricted-modules-2.6.17-10-386-di_2.6.17.7-10.1_i386.udeb
      Size/MD5:   292854 a635d055aa568e4d86bcf0d2c9daf91f
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nvidia-glx-dev_1.0.8776+2.6.17.7-10.1_i386.deb
      Size/MD5:   149150 1b0cb27d327e329a9f2feb43f25a698b
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-glx-legacy-dev_1.0.7184+2.6.17.7-10.1_i386.deb
      Size/MD5:   141334 39f1cf2833fbf8cb7301ca7f0187e8f9
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-glx-legacy_1.0.7184+2.6.17.7-10.1_i386.deb
      Size/MD5:  3070318 f3258aa7cfb59dbc58c29fbc1c467fac
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nvidia-glx_1.0.8776+2.6.17.7-10.1_i386.deb
      Size/MD5:  4066148 d2cfe4aeae2d0853938b10c0fdcadd7c
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-kernel-source_1.0.8776+2.6.17.7-10.1_i386.deb
      Size/MD5:  1695352 2c4696ca6aa4c33908d6318a0a4259a8
    http://security.ubuntu.com/ubuntu/pool/multiverse/l/linux-restricted-modules-2.6.17/nvidia-legacy-kernel-source_1.0.7184+2.6.17.7-10.1_i386.deb
      Size/MD5:  1374146 6aefb6f339290ff9d9c843149e0c60a4
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/vmware-player-kernel-modules-2.6.17-10_2.6.17.7-10.1_i386.deb
      Size/MD5:   140594 49a2b1a84dfbf8774c0ef71954365c79
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/xorg-driver-fglrx-dev_7.1.0-8.28.8+2.6.17.7-10.1_i386.deb
      Size/MD5:   117454 39e407bfeef903aa2179b653d8023b22
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/xorg-driver-fglrx_7.1.0-8.28.8+2.6.17.7-10.1_i386.deb
      Size/MD5:  9402232 885507596f2251bfdc9a0e0fea5f8e00

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-powerpc-smp_2.6.17.7-10.1_powerpc.deb
      Size/MD5:  1284986 6a793b7f7f89487263e599e6348be2f4
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-powerpc64-smp_2.6.17.7-10.1_powerpc.deb
      Size/MD5:   996346 4fb97a643472eb26b1cde62e18981bff
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-powerpc_2.6.17.7-10.1_powerpc.deb
      Size/MD5:  1282644 5ace738a3764e18ddc8c39e54a75de86
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nic-restricted-firmware-2.6.17-10-powerpc-di_2.6.17.7-10.1_powerpc.udeb
      Size/MD5:   965672 6ae2f93d4bf75c23153d781a88753f4e
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/nic-restricted-modules-2.6.17-10-powerpc-di_2.6.17.7-10.1_powerpc.udeb
      Size/MD5:   287196 d6d299c4b86e52fca726007967017f09

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-sparc64-smp_2.6.17.7-10.1_sparc.deb
      Size/MD5:   996316 f901be5d353afa46f6edcce65291ee0d
    http://security.ubuntu.com/ubuntu/pool/restricted/l/linux-restricted-modules-2.6.17/linux-restricted-modules-2.6.17-10-sparc64_2.6.17.7-10.1_sparc.deb
      Size/MD5:   996232 c3285d37a897b01a14748998974fbbd1


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ