Results 1 to 10 of 25

Thread: Madwifi driver users UPDATE NOW (THAT MEANS ANYONE USING ATHEROS CARDS)

Hybrid View

  1. #1
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default Madwifi driver users UPDATE NOW (THAT MEANS ANYONE USING ATHEROS CARDS)

    Just stumbled upon this, and as I didn't find it posted, I thought that it needed to be brought to people's attention, just in case you have missed it.

    THIS AFFECTS ANYONE WITH AN ATHEROS CHIPSET WIRELESS CARD

    Announcement
    Hi all.
    We recently have been made aware of three security-related issues in MadWifi v0.9.3. In response to these reports we've released v0.9.3.1 today (which is similar to v0.9.3 plus the relevant fixes). The release tarballs are available for immediate download from: http://sourceforge.net/project/showf...ckage_id=85233
    *We strongly advise all users of MadWifi to upgrade to v0.9.3.1 as soon as possible.*
    Thanks to Md Sohail Ahmad of AirTight Networks Inc. for reporting issue 1. We also like to thank the reporter of issues 2 and 3, who has asked to keep his identity private.
    The issues are:
    1. Remote DoS: insufficient input validation (beacon interval)
    The beacon interval information that is gathered while scanning for Access Points is not properly validated. This could be exploited from remote to cause a DoS due to a "division by zero" exception.
    See also: http://madwifi.org/ticket/1270
    2. Remote DoS: insufficient input validation (Fast Frame parsing)
    The code which parses fast frames and 802.3 frames embedded therein does not properly validate the size parameters in such frames. This could be exploited from remote to cause a DoS due to a NULL-pointer dereference.
    See also: http://madwifi.org/ticket/1335
    3. Local DoS: insufficient input validation (WMM parameters)
    A restricted local user could pass invalid data to two ioctl handlers, causing a DoS due to access being made to invalid addresses. Chances are that this issue also might allow read and/or write access to kernel memory; this has not yet been verified.
    See also: http://madwifi.org/ticket/1334
    Thanks for your attention.
    Bye, Mike
    So as you can see, if you are a MadWifi user you REALLY need to update your drivers NOW.

    Anyone with atheros chipset cards should follow Xploitz instructions on how to update the drivers here

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Thanks balding_parrot for bringing this to our forums attention. I just updated.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  3. #3
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    Thanks balding_parrot. I just updated.
    No Problem, your welcome.

    I spotted it and thought people should be aware of it.

    If I have saved one person from the potential nasties, then my purpose has been done.

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Talking

    Quote Originally Posted by balding_parrot View Post

    If I have saved one person from the potential nasties, then my purpose has been done.
    Well, Im all about preventing the nasties when I'm penetrating As long as my ndiswrapper doesn't break I'm ok!!! Now then...wheres my brewski's at??
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  5. #5
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by balding_parrot View Post
    Just stumbled upon this, and as I didn't find it posted, I thought that it needed to be brought to people's attention, just in case you have missed it.

    THIS AFFECTS ANYONE WITH AN ATHEROS CHIPSET WIRELESS CARD

    So as you can see, if you are a MadWifi user you REALLY need to update your drivers NOW.

    Anyone with atheros chipset cards should follow Xploitz instructions on how to update the drivers here
    Can we assume that these new drivers are already patched for injection?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  6. #6
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by theprez98 View Post
    Can we assume that these new drivers are already patched for injection?
    I don't have my atheros card with me at the moment, so cannot confirm this. I did see a post on another forum that said that this version supported injection out of the box, but as I say I cannot confirm it.
    I am sure that Xploitz will soon say if they don't, but as I saw a post from him giving instructions saying how to update to them, I assume that he has tested them.

    So come on Xploitz, do they support injection or not ?

  7. #7
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Thumbs up

    Quote Originally Posted by balding_parrot View Post
    I am sure that Xploitz will soon say if they don't, but as I saw a post from him giving instructions saying how to update to them, I assume that he has tested them.

    So come on Xploitz, do they support injection or not ?
    I assume your referring to my card injecting with these drivers installed and not me injecting. But yes, both me and my card can inject after I installed this new updated driver.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  8. #8
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    OK COOL so now that is confirmed, UPDATE NOW

  9. #9
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    this is also documented HERE
    MadWifi Multiple Denial of Service Vulnerabilities
    2007-07-24
    http://www.securityfocus.com/bid/24114

    MadWIFI Channel Switch Announcement Information Elements Denial of Service Vulnerability
    2007-07-24
    http://www.securityfocus.com/bid/23436

    MadWIFI Ad-Hoc Mode Denial of Service Vulnerability
    2007-07-24
    http://www.securityfocus.com/bid/23433

    MadWifi Auth Frame IBSS Remote Denial of Service Vulnerability
    2007-07-24
    http://www.securityfocus.com/bid/23431

    MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
    2007-07-24
    http://www.securityfocus.com/bid/23434

    MADWiFi Linux Kernel Device Driver Multiple Remote Buffer Overflow Vulnerabilities
    2007-03-01
    http://www.securityfocus.com/bid/21486

  10. #10
    Member
    Join Date
    Oct 2007
    Posts
    52

    Default

    nvrmind im dumb didnt notice typo on command (ill blame it on getting used to eeepc keyboard)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •