Madwifi have now released v0.9.3.3 which fixes this vulnerability.
The karma patch for 0.9.3.2 will work on this new version.
Robin
On 17/10/2007, Raul Siles <raul.siles (at) gmail (dot) com [email concealed]> wrote:
> Hi everyone,
> A malicious AP could broadcast specially crafted beacons and cause a
> DoS in all madwifi wireless clients :(
>
> It seems wireless fuzzing continues evolving. Take a look at the
> upcoming presentation in BH Japan:
> http://www.securityfocus.com/archive/1/482168
> http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Kolbi
tsch
> --
> Raul Siles
> GSE
> www.raulsiles.com
>
>
> - From SANS Newsbites:
>
> 11. MadWifi Xrates Element Remote Denial of Service Vulnerability
> BugTraq ID: 26052
> Remote: Yes
> Date Published: 2007-10-12
> Relevant URL: http://www.securityfocus.com/bid/26052
> Summary:
> MadWifi is prone to a remote denial-of-service vulnerability because
> the application limits the size of the extended supported rates
> element in beacon frames transmitted from wireless access points.
>
> An attacker can exploit this issue to cause the affected computer to
> crash, denying further service to legitimate users.
>
> This issue affects MadWifi 0.9.3.2 and prior versions.
>
The karma patch for 0.9.3.2 will work on this new version.
Robin
On 17/10/2007, Raul Siles <raul.siles (at) gmail (dot) com [email concealed]> wrote:
> Hi everyone,
> A malicious AP could broadcast specially crafted beacons and cause a
> DoS in all madwifi wireless clients :(
>
> It seems wireless fuzzing continues evolving. Take a look at the
> upcoming presentation in BH Japan:
> http://www.securityfocus.com/archive/1/482168
> http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Kolbi
tsch
> --
> Raul Siles
> GSE
> www.raulsiles.com
>
>
> - From SANS Newsbites:
>
> 11. MadWifi Xrates Element Remote Denial of Service Vulnerability
> BugTraq ID: 26052
> Remote: Yes
> Date Published: 2007-10-12
> Relevant URL: http://www.securityfocus.com/bid/26052
> Summary:
> MadWifi is prone to a remote denial-of-service vulnerability because
> the application limits the size of the extended supported rates
> element in beacon frames transmitted from wireless access points.
>
> An attacker can exploit this issue to cause the affected computer to
> crash, denying further service to legitimate users.
>
> This issue affects MadWifi 0.9.3.2 and prior versions.
>
[ reply ]