Fix for Madwifi WLAN driver
Version 0.9.3.1 of the madwifi Linux driver for Atheros-based WLAN cards was released today to remedy three flaws caused by insufficient parameter checking. Attackers were able to exploit these holes to carry out local and remote denial-of-service attacks, effectively cutting off WLAN use. It seems that only local attackers would have also been able to write into kernel memory, but the developers were not able to verify this.
The bugs were discovered in driver version 0.9.3, but they probably also exist in older versions. The developers therefore recommend that all madwifi users upgrade to the latest version as quickly as possible. Currently, the sources are available, with compiled packets to be released for various distributions in the next few days.
- Remote DoS: insufficient input validation (beacon interval)
- Remote DoS: insufficient input validation (fast frame parsing)
- Local DoS: insufficient input validation (WMM parameters)