| Topic: |
IEEE 802.11 buffer overflow |
|
|
| Category: |
core |
| Module: |
net80211 |
| Announced: |
2006-01-18 |
| Credits: |
Karl Janmar |
| Affects: |
FreeBSD 6.0 |
Corrected:
2006-01-18 09:03:15 UTC (RELENG_6, 6.0-STABLE)
2006-01-18 09:03:36 UTC (RELENG_6_0, 6.0-RELEASE-p3)
CVE Name: CVE-2006-0226
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The IEEE 802.11 network subsystem of FreeBSD implements the protocol
negotiation used for wireless networking.
II. Problem Description
An integer overflow in the handling of corrupt IEEE 802.11 beacon or
probe response frames when scanning for existing wireless networks can
result in the frame overflowing a buffer.
III. Impact
An attacker able broadcast a carefully crafted beacon or probe response
frame may be able to execute arbitrary code within the context of the
FreeBSD kernel on any system scanning for wireless networks.
IV. Workaround
No workaround is available, but systems without IEEE 802.11 hardware or
drivers loaded are not vulnerable.
V. Solution Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE or to the RELENG_6_0
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html>
and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch
Path Revision
-------------------------------------------------------------------------------------------------------
RELENG_6
src/sys/net80211/ieee80211_ioctl.c 1.25.2.9
RELENG_6_0
src/UPDATING 1.416.2.3.2.8
src/sys/conf/newvers.sh 1.69.2.8.2.4
src/sys/net80211/ieee80211_ioctl.c 1.25.2.3.2.1
-------------------------------------------------------------------------------------------------------
VII. References
http://www.signedness.org/advisories/sps-0x1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0226
The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc
|
Security Advisory 
Postfix - "Krok po kroku" v1.1
sdi.sh
uEagle 1.0p1
