Luk Claes wrote: >> CVE-2007-5448[0]: >> | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial >> | of service (panic) via a beacon frame with a large length value in the >> | extended supported rates (xrates) element, which triggers an assertion >> | error, related to net80211/ieee80211_scan_ap.c and >> | net80211/ieee80211_scan_sta.c. >> >> If you fix this vulnerability please also include the CVE id >> in your changelog entry. >> >> This is fixed in upstream svn on: >> http://madwifi.org/changeset/2736 >> >> For further information: >> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448 > > Can you please upload a fixed package to stable? This is remotely exploitable over the air -- an attacker could send a specially crafted packet with his wireless device and crash all affected systems literally around him. Imagine exploiting this e.g. on a DebConf.
IMHO (I'm not a maintainer) this should be fixed ASAP in stable-security and the DSA should include that manual action is required to actually fix this (rebuilding and reloading the kernel modules). Regards, Faidon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
