CERT-In Vulnerability Note CIVN-2008-181
Linux Kernel 'lbs_process_bss()' Remote Denial of Service Vulnerability
Original Issue Date:
December 01, 2008
Severity Rating:
High
Systems Affected
- Linux kernel Versions prior to 2.6.27.5
Overview
A buffer overflow vulnerability has been reported in the libertas subsystem of the Linux kernel.
Description
Files in the drivers/net/wireless/libertas/ directory implement support for Libertas WiFi
devices. An 802.11 host periodically scans the network, and the access point answers with a Beacon
Probe Response containing the SSID (Service Set IDentifier) indicating the BSS (Basic Service
Set).
The lbs_process_bss() function in the drivers/net/wireless/libertas/scan.c file parses these answers. However, if the size of the SSID is larger than 32 bytes, a buffer overflow occurs. This overflow does not lead to code execution. A remote attacker can stop systems with a Libertas device by sending a WiFi answer with an overlong SSID.
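The length check whose absence is described above, shown as a bounded element parser. This is an added example, not the kernel's code or the upstream patch; `parse_bss_elements`, `struct bss_info` and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_SSID      0    /* 802.11 element ID of the SSID element */
#define SSID_MAX_LEN 32   /* SSID limit stated in the advisory */

struct bss_info {         /* hypothetical; not the driver's structure */
    uint8_t ssid[SSID_MAX_LEN];
    uint8_t ssid_len;
};

/* Constructed samples: id/len/value elements as found in a response body. */
static const uint8_t sample_ok[] = { 0x00, 3, 'l', 'a', 'b', 0x01, 2, 0x82, 0x84 };
static const uint8_t sample_max[2 + 32] = { 0x00, 32 };  /* exactly 32: accepted */
static const uint8_t sample_long[2 + 33] = { 0x00, 33 }; /* 33 bytes: rejected */
static const uint8_t sample_trunc[] = { 0x00, 10, 'a' }; /* claims more than sent */

/* Returns 0 on success, -1 on a truncated element or an oversized SSID. */
int parse_bss_elements(const uint8_t *buf, size_t len, struct bss_info *bss)
{
    size_t pos = 0;
    memset(bss, 0, sizeof(*bss));
    while (len - pos >= 2) {
        uint8_t id = buf[pos];
        uint8_t elen = buf[pos + 1];   /* sender-controlled, 0..255 */

        pos += 2;
        if (elen > len - pos)
            return -1;                 /* value runs past the end of the frame */
        if (id == IE_SSID) {
            if (elen > SSID_MAX_LEN)
                return -1;             /* would overflow bss->ssid */
            memcpy(bss->ssid, buf + pos, elen);
            bss->ssid_len = elen;
        }
        pos += elen;
    }
    return pos == len ? 0 : -1;        /* a lone trailing byte is malformed */
}

int main(void)
{
    struct bss_info b;
    return (parse_bss_elements(sample_ok, sizeof(sample_ok), &b) == 0 &&
            parse_bss_elements(sample_max, sizeof(sample_max), &b) == 0 &&
            parse_bss_elements(sample_long, sizeof(sample_long), &b) == -1 &&
            parse_bss_elements(sample_trunc, sizeof(sample_trunc), &b) == -1) ? 0 : 1;
}
```

The element length is a single byte set by the sender, so it can announce up to 255 bytes for a field whose destination holds 32; the parser has to compare it against both the remaining frame length and the destination size before copying.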
Solutions
Upgrade to version 2.6.27.6
http://kernel.org/pub/linux/kernel/v2.6/patch-2.6.27.6.bz2
Vendor Information
Kernel.org
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=48735d8d8bd701b1e0cd3d49c21e5e385ddcb077
References
Kernel.org
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=48735d8d8bd701b1e0cd3d49c21e5e385ddcb077
Security Database
http://www.security-database.com/detail.php?alert=CVE-2008-5134
Secunia
http://secunia.com/advisories/cve_reference/CVE-2008-5134/
SecurityFocus
http://www.securityfocus.com/bid/32484/
CVE Name
CVE-2008-5134
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
