Old 04-15-2007, 12:25 PM   #1
fpd
Member
 
Registered: Aug 2004
Distribution: Mepis
Posts: 70

Rep: Reputation: 15
MadWiFi security threat...


It seems a lot of folks here recommend MadWiFi, and I saw this while surfing:
http://www.pcworld.com/article/id,13...1/article.html
I have not seen any updates from Synaptic fixing this security breach.

Conspiracy theory: MSBill is covertly throwing wrenches into the Linux machine just to say, "S-s-se-see! Linux has security problems, t-t-t-too!" Anyone as paranoid as I am?
 
Old 04-15-2007, 12:59 PM   #2
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
AFAIK, this was taken care of last December. You can see the changes here and here.
 
Old 04-15-2007, 01:37 PM   #3
fpd
Member
 
Registered: Aug 2004
Distribution: Mepis
Posts: 70

Original Poster
Rep: Reputation: 15
I see your links show it was fixed, but the article states that some distros could be vulnerable by not adding the fix. Do you know if the fix was included in Mepis, or in the updates distributed via apt-get and synaptic?
 
Old 04-15-2007, 06:53 PM   #4
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
I don’t know anything about the repositories for any specific distros, but it seems like the security fix is in version 0.9.2.1 and greater, and the oops fix is in 0.9.3 and greater. Your package manager should use the same version numbers so you should be able to figure it out from there.
 
Old 04-17-2007, 04:24 PM   #5
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
For a quick check run:
Code:
$ apt-cache showpkg madwifi-tools
Package: madwifi-tools
Versions:
1:0.9.2+dfsg-1 ...
Note the "1:" before the true ver. #, ignore it -- it is a Debianism that I can't explain.

& BTW, I'm still running 3.3.2 on this box, so of course the ver. looks out of date.
 
Old 04-17-2007, 06:52 PM   #6
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Nearly all wireless drivers have been found vulnerable over the past year or so, independently of the OS.

http://www.schneier.com/blog/archive...river_att.html
 
Old 04-18-2007, 10:31 PM   #7
fpd
Member
 
Registered: Aug 2004
Distribution: Mepis
Posts: 70

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by osor
I don’t know anything about the repositories for any specific distros, but it seems like the security fix is in version 0.9.2.1 and greater, and the oops fix is in 0.9.3 and greater. Your package manager should use the same version numbers so you should be able to figure it out from there.
I did an apt-get policy madwifi-tools and received this:
Code:
madwifi-tools:
  Installed: 1:0.9.2+dfsg-1
  Candidate: 1:0.9.2+dfsg-1
  Version table:
 *** 1:0.9.2+dfsg-1 0
        990 http://apt.mepis.org mepis/main Packages
        100 /var/lib/dpkg/status
So, I tried apt-get install madwifi-tools (after an apt-get update) and received this:
Code:
Reading package lists... Done
Building dependency tree... Done
madwifi-tools is already the newest version.
Is there a way to get 0.9.3 through apt-get or synaptic, or must I download and install the package?
 
Old 04-19-2007, 09:58 AM   #8
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Sorry I haven’t replied in awhile, but I do not think the “madwifi-tools” package contains the affected code…

I don’t know about Mepis, but for Debian, see here. As you can see the version number (1:0.9.2+r1842.20061207-2) states that it is from the 0.9.2 branch, with svn revision 1842 (the aforementioned security fix) and was packaged on 20061207. Why they don’t use the package maintainers’ version number is beyond me. I also don’t know why they split up the code.

Bottom line: if your apt-style distro has the package madwifi-source with version number 1:0.9.2+r1842.20061207-2 or similar, you’re not vulnerable to the mentioned security threat.
 
Old 04-19-2007, 10:23 AM   #9
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
And if you click on Changelog on the page given by osor, you see:

Quote:
madwifi (1:0.9.2+r1842.20061207-2) unstable; urgency=high

* Add upstream revision 1847 as a new dpatch to completely fix
CVE-2006-6332; thanks Luk Claes; closes: #402836.

-- Loic Minier <lool@dooz.org> Thu, 14 Dec 2006 20:44:37 +0100

madwifi (1:0.9.2+r1842.20061207-1) unstable; urgency=medium

* New upstream SVN snapshot
- buffer overflow exploit fixed (CVE-2006-6332)
* Urgency medium to allow security fix to propogate to testing asap.

-- Kel Modderman <kelmo@kanotixguide.org> Fri, 8 Dec 2006 08:06:01 +1000

Check your changelog
/usr/share/doc/xxx/changelogxxx
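
The changelog check suggested in post #9, sketched as an added example (it is not part of any poster's message): it reads a Debian-format changelog on stdin and lists the entries that mention a CVE, so you can see whether the version you have installed already carries the fix. The function names are hypothetical helpers, and the sample input is the changelog quoted above plus one constructed entry.

```shell
#!/bin/sh
# Added example: find the Debian changelog entries that mention a CVE.
# Input is changelog text on stdin (already decompressed).

# cve_entries CVE-ID: print "version<TAB>urgency" for each matching entry.
cve_entries() {
    awk -v cve="$1" '
        # Entry header: "package (version) distribution; urgency=level"
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2; gsub(/[()]/, "", ver)
            urg = $NF; sub(/^urgency=/, "", urg)
            seen = 0
            next
        }
        # Body line naming the CVE: report its entry once.
        index($0, cve) && ver != "" && !seen { print ver "\t" urg; seen = 1 }
    '
}

# newest_entry: the first header is the version this changelog shipped with.
newest_entry() {
    awk '/^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            v = $2; gsub(/[()]/, "", v); print v; exit }'
}

# Sample input: the two entries quoted in the thread, plus one constructed
# entry (version 1:0.0.1-0 is made up) that does not mention the CVE.
sample_changelog() {
    cat <<'EOF'
madwifi (1:0.9.2+r1842.20061207-2) unstable; urgency=high

  * Add upstream revision 1847 as a new dpatch to completely fix
    CVE-2006-6332; thanks Luk Claes; closes: #402836.

 -- Loic Minier <lool@dooz.org>  Thu, 14 Dec 2006 20:44:37 +0100

madwifi (1:0.9.2+r1842.20061207-1) unstable; urgency=medium

  * New upstream SVN snapshot
    - buffer overflow exploit fixed (CVE-2006-6332)

 -- Kel Modderman <kelmo@kanotixguide.org>  Fri, 8 Dec 2006 08:06:01 +1000

madwifi (1:0.0.1-0) unstable; urgency=low

  * Constructed entry with no security fix.
EOF
}

echo "changelog is for version: $(sample_changelog | newest_entry)"
sample_changelog | cve_entries CVE-2006-6332
```

If the CVE appears in any entry of the installed package's own changelog, that package was built with the fix; an empty result means the changelog never mentions it.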
 
Old 04-29-2007, 01:41 PM   #10
angryfirelord
Member
 
Registered: Dec 2005
Distribution: Fedora, CentOS
Posts: 515

Rep: Reputation: 66
I'm not that paranoid, but if you want the newest madwifi, you could temporarily enable a Debian unstable repo & use module-assistant to build a new driver. (I have absolutely no idea if that would work on mepis)

http://packages.debian.org/unstable/net/madwifi-source
http://packages.debian.org/unstable/net/madwifi-tools
 
  


All times are GMT -5.
