CVE-2007-2831

Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.

Link	Resource
http://madwifi.org/ticket/1334	Patch
http://madwifi.org/wiki/Security	Patch
http://security.gentoo.org/glsa/glsa-200706-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:132
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.ubuntu.com/usn/usn-479-1
http://www.securityfocus.com/bid/24114
http://secunia.com/advisories/25339	Vendor Advisory
http://secunia.com/advisories/25622	Vendor Advisory
http://secunia.com/advisories/25763	Vendor Advisory
http://secunia.com/advisories/25861	Vendor Advisory
http://secunia.com/advisories/26083	Vendor Advisory
http://www.vupen.com/english/advisories/2007/1919
http://osvdb.org/36637
https://exchange.xforce.ibmcloud.com/vulnerabilities/34453
http://www.securityfocus.com/archive/1/470674/100/100/threaded

Configuration 1

cpe:2.3:a:madwifi:madwifi:0.9.0:*:*:*:*:*:*:* cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:* cpe:2.3:a:madwifi:madwifi:*:*:*:*:*:*:*:* cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:* cpe:2.3:a:madwifi:madwifi:0.9.1:*:*:*:*:*:*:*

---

Published : 2007-05-24 02:30

Updated : 2018-10-16 04:45

---

NVD link : CVE-2007-2831

Mitre link : CVE-2007-2831

No products.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer