MadWifi: Kernel driver buffer overflow
Gentoo Linux Security Advisory
||GLSA 200612-09 / madwifi-ng
||December 10, 2006
||December 10, 2006: 01
All supported architectures
MadWifi is vulnerable to a buffer overflow that could potentially lead to
the remote execution of arbitrary code with root privileges.
MadWifi (Multiband Atheros Driver for Wireless Fidelity) provides a
Linux kernel device driver for Atheros-based Wireless LAN devices.
Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer
overflow in the encode_ie() and the giwscan_cb() functions from
A remote attacker could send specially crafted wireless WPA packets
containing malicious RSN Information Headers (IE) that could
potentially lead to the remote execution of arbitrary code as the root
There is no known workaround at this time.
All MadWifi users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.2.1"