[PATCH] ndiswrapper remote buffer overflows on long ESSIDs
Bug #275860 reported by
Anders Kaseorg
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ndiswrapper |
Fix Released
|
Undecided
|
Unassigned | ||
| linux (Ubuntu) |
Fix Released
|
Low
|
Ubuntu Kernel Team | ||
| linux-ubuntu-modules-2.6.24 (Ubuntu) |
Fix Released
|
Low
|
Ubuntu Kernel Team | ||
| ndiswrapper (Debian) |
Fix Released
|
Unknown
|
|||
| ndiswrapper (Gentoo Linux) |
Fix Released
|
High
|
|||
Bug Description
I managed to configure an iMac to export an ad-hoc wireless network with a 32-character ESSID (this seems to be a Mac UI bug). Every time I connected to it using my intrepid amd64 laptop running ndiswrapper, I immediately began seeing kernel oopses, panics, freezes, etc. The same happened with the hardy kernel. I tracked the problem down to a collection of buffer overflows in ndiswrapper on 32-character ESSIDs.
Attached is a patch for the intrepid tree that fixes these issues and allows me to connect without problems.
CVE References
Revision history for this message
| Kees Cook (kees) wrote | #2 |
| Changed in linux: | |
| milestone: | none → ubuntu-8.10-beta |
Revision history for this message
| Kees Cook (kees) wrote | #3 |
Revision history for this message
| Anders Kaseorg (andersk) wrote | #4 |
Revision history for this message
| Anders Kaseorg (andersk) wrote | #5 |
| Changed in linux: | |
| assignee: | nobody → ubuntu-kernel-team |
| importance: | Undecided → Medium |
| status: | New → Triaged |
Revision history for this message
| Kees Cook (kees) wrote | #6 |
Revision history for this message
| Kees Cook (kees) wrote | #7 |
| Changed in linux-ubuntu-modules-2.6.24: | |
| assignee: | nobody → ubuntu-kernel-team |
| status: | New → Triaged |
| Changed in linux: | |
| importance: | Medium → Low |
| milestone: | ubuntu-8.10-beta → ubuntu-8.10 |
| Changed in linux-ubuntu-modules-2.6.24: | |
| importance: | Undecided → Low |
Revision history for this message
| Anders Kaseorg (andersk) wrote | #8 |
| Changed in ndiswrapper: | |
| status: | Unknown → Confirmed |
Revision history for this message
| Kees Cook (kees) wrote | #9 |
| Changed in linux: | |
| status: | Triaged → Fix Released |
| milestone: | ubuntu-8.10 → none |
Revision history for this message
| Kees Cook (kees) wrote | #10 |
Revision history for this message
| Kees Cook (kees) wrote | #11 |
| Changed in linux-ubuntu-modules-2.6.24: | |
| status: | Triaged → Fix Released |
Revision history for this message
| Kees Cook (kees) wrote | #12 |
| Changed in ndiswrapper: | |
| status: | New → Fix Released |
| Changed in ndiswrapper: | |
| status: | Confirmed → Fix Released |
| Changed in linux: | |
| status: | Fix Released → Confirmed |
| status: | Confirmed → Fix Released |
| Changed in ndiswrapper: | |
| status: | Fix Released → Fix Committed |
Revision history for this message
| Anders Kaseorg (andersk) wrote | #13 |
| Changed in ndiswrapper: | |
| status: | Fix Committed → Fix Released |
| Changed in ndiswrapper (Gentoo Linux): | |
| importance: | Unknown → High |
| Changed in ndiswrapper (Debian): | |
| status: | Unknown → Fix Released |
To post a comment you must log in.
Is your patch inverted?