Description
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
References (16)
Core 16
Core References
Patch x_refsource_confirm
http://madwifi.org/ticket/1334
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-479-1
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200706-04.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25339
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24114
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26083
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25622
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_14_sr.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25763
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:132
Patch x_refsource_confirm
http://madwifi.org/wiki/Security
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36637
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25861
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34453
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1919
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470674/100/100/threaded
Scores
EPSS
0.0346
EPSS Percentile
87.7%
Details
CWE
CWE-119
Status
published
Products (5)
madwifi/madwifi
0.9.0
madwifi/madwifi
0.9.1
madwifi/madwifi
0.9.2
madwifi/madwifi
0.9.2.1
madwifi/madwifi
< 0.9.3
Published
May 24, 2007
Tracked Since
Feb 18, 2026