Novell is now a part of Micro Focus

Security update for madwifi


(Last modified: 19JUL2007)

solutions Security update for madwifi SuSE Linux Maintenance Web (e359f84108f33e47c88b77987c15390b)

Applies to

Package: madwifi
Product(s): SUSE Linux Enterprise Desktop 10 SP1 for x86
SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T
SLE SDK 10 SP1 for x86
SLE SDK 10 SP1 for X86-64
Zypp-Patch-Number: 3897
Release: 20070719
Obsoletes: none


Install this update.



Problem description

The madwifi driver and userland packages were updated to Please note that while the RPM version still says "0.9.3", the content is the version.
This updates fixes following security problems:
  • CVE-2007-2829: The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.
  • CVE-2007-2830: The ath_beacon_config function in if_ath.c in MadWifi before allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
  • CVE-2007-2831: Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
"remote attackers" are attackers within range of the WiFi reception of the card.
Please note that the problems fixed in 0.9.3 were fixed by the madwifi Version upgrade to 0.9.3 in SLE10 Service Pack 1. (CVE-2005-4835, CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2006-7180).


Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh madwifi.rpm madwifi-devel.rpm madwifi-kmp-default.rpm madwifi-kmp-smp.rpm madwifi-kmp-bigsmp.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Copyright Micro Focus or one of its affiliates