CVE-2007-2831 - Vulnerability Details - OpenCVE

ReportizFlow

Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Madwifi	Madwifi

Configuration 1 [-]

OR	cpe:2.3:a:madwifi:madwifi::::::::
	cpe:2.3:a:madwifi:madwifi:0.9.0:::::::*
	cpe:2.3:a:madwifi:madwifi:0.9.1:::::::*
	cpe:2.3:a:madwifi:madwifi:0.9.2:::::::*
	cpe:2.3:a:madwifi:madwifi:0.9.2.1:::::::*

No data.

References

Link	Providers
http://madwifi.org/ticket/1334
http://madwifi.org/wiki/Security
http://osvdb.org/36637
http://secunia.com/advisories/25339
http://secunia.com/advisories/25622
http://secunia.com/advisories/25763
http://secunia.com/advisories/25861
http://secunia.com/advisories/26083
http://security.gentoo.org/glsa/glsa-200706-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:132
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.securityfocus.com/archive/1/470674/100/100/threaded
http://www.securityfocus.com/bid/24114
http://www.ubuntu.com/usn/usn-479-1
http://www.vupen.com/english/advisories/2007/1919
https://exchange.xforce.ibmcloud.com/vulnerabilities/34453

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-24T01:29:00

Updated: 2024-08-07T13:49:57.404Z

Reserved: 2007-05-23T00:00:00

Link: CVE-2007-2831

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-24T02:30:00.000

Modified: 2024-11-21T00:31:46.047

Link: CVE-2007-2831

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-479-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-479-1"}, {"name": "GLSA-200706-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml"}, {"name": "25339", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25339"}, {"name": "24114", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24114"}, {"name": "26083", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26083"}, {"name": "25622", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25622"}, {"name": "SUSE-SR:2007:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://madwifi.org/ticket/1334"}, {"name": "25763", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25763"}, {"name": "MDKSA-2007:132", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://madwifi.org/wiki/Security"}, {"name": "36637", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36637"}, {"name": "25861", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25861"}, {"name": "madwifi-ieee80211ioctlgetwmmparams-dos(34453)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34453"}, {"name": "ADV-2007-1919", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1919"}, {"name": "20070606 FLEA-2007-0021-2: madwifi", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2007-2831", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-479-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-479-1"}, {"name": "GLSA-200706-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml"}, {"name": "25339", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25339"}, {"name": "24114", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24114"}, {"name": "26083", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26083"}, {"name": "25622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25622"}, {"name": "SUSE-SR:2007:014", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"}, {"name": "http://madwifi.org/ticket/1334", "refsource": "CONFIRM", "url": "http://madwifi.org/ticket/1334"}, {"name": "25763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25763"}, {"name": "MDKSA-2007:132", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132"}, {"name": "http://madwifi.org/wiki/Security", "refsource": "CONFIRM", "url": "http://madwifi.org/wiki/Security"}, {"name": "36637", "refsource": "OSVDB", "url": "http://osvdb.org/36637"}, {"name": "25861", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25861"}, {"name": "madwifi-ieee80211ioctlgetwmmparams-dos(34453)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34453"}, {"name": "ADV-2007-1919", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1919"}, {"name": "20070606 FLEA-2007-0021-2: madwifi", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:49:57.404Z"}, "title": "CVE Program Container", "references": [{"name": "USN-479-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-479-1"}, {"name": "GLSA-200706-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml"}, {"name": "25339", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25339"}, {"name": "24114", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24114"}, {"name": "26083", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26083"}, {"name": "25622", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25622"}, {"name": "SUSE-SR:2007:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://madwifi.org/ticket/1334"}, {"name": "25763", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25763"}, {"name": "MDKSA-2007:132", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://madwifi.org/wiki/Security"}, {"name": "36637", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36637"}, {"name": "25861", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25861"}, {"name": "madwifi-ieee80211ioctlgetwmmparams-dos(34453)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34453"}, {"name": "ADV-2007-1919", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1919"}, {"name": "20070606 FLEA-2007-0021-2: madwifi", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2831", "datePublished": "2007-05-24T01:29:00", "dateReserved": "2007-05-23T00:00:00", "dateUpdated": "2024-08-07T13:49:57.404Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:madwifi:madwifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52DDD74-8FED-45AD-AF38-9ECEA2DE07C3", "versionEndIncluding": "0.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:madwifi:madwifi:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5ADB6BFE-CEB2-4DFD-AB76-7A47708997AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:madwifi:madwifi:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A2309CA-C570-4994-A25C-452762651E73", "vulnerable": true}, {"criteria": "cpe:2.3:a:madwifi:madwifi:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA6E66DE-5EF4-4772-ADCB-98DA4C8D4521", "vulnerable": true}, {"criteria": "cpe:2.3:a:madwifi:madwifi:0.9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "180B84A9-47AC-404A-A7D7-91EEA8BAB6D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value."}, {"lang": "es", "value": "El error de \u00edndice de matriz en las funciones (1) ieee80211_ioctl_getwmmparams y (2) ieee80211_ioctl_setwmmparams en el archivo net80211/ieee80211_wireless.c en MadWifi anterior a versi\u00f3n 0.9.3.1 permite que los usuarios locales causen una denegaci\u00f3n de servicio (bloqueo del sistema), posiblemente obtengan el contenido de la memoria kernel, y posiblemente se encuentren c\u00f3digo arbitrario por medio de un gran valor de \u00edndice de matriz negativa."}], "id": "CVE-2007-2831", "lastModified": "2024-11-21T00:31:46.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-24T02:30:00.000", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "http://madwifi.org/ticket/1334"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://madwifi.org/wiki/Security"}, {"source": "[email protected]", "url": "http://osvdb.org/36637"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25339"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25622"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25763"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25861"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26083"}, {"source": "[email protected]", "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml"}, {"source": "[email protected]", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132"}, {"source": "[email protected]", "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/24114"}, {"source": "[email protected]", "url": "http://www.ubuntu.com/usn/usn-479-1"}, {"source": "[email protected]", "url": "http://www.vupen.com/english/advisories/2007/1919"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://madwifi.org/ticket/1334"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://madwifi.org/wiki/Security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-479-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34453"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Primary"}]}