ID

VAR-200712-0597


CVE

CVE-2007-5938


TITLE

Denial-of-service (DoS) vulnerability in the iwl_set_rate() function of Intel iwlwifi

Trust: 0.8

sources: JVNDB: JVNDB-2007-001139

DESCRIPTION

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.

The 'iwlwifi' driver is prone to a NULL-pointer dereference vulnerability because of a flaw in the 'compatible/iwl3945-base.c' file. Attackers can exploit this issue to trigger a kernel panic and cause denial-of-service conditions. Versions prior to iwlwifi 1.1.22 are vulnerable.

Wireless WiFi Link is a wireless network card used in many notebooks. There is a flaw in the implementation of the Wireless WiFi Link network card driver, and a remote attacker may use it to make the user's system unavailable. The iwl_set_rate() function of the compatible/iwl3945-base.c file in the iwlwifi driver of the Wireless WiFi Link network card has a NULL pointer dereference vulnerability:

    static void iwl_set_rate(struct iwl_priv *priv)
    {
        const struct ieee80211_hw_mode *hw = NULL;
        struct ieee80211_rate *rate;
        int i;

        hw = iwl_get_hw_mode(priv, priv->phymode);   /* (1) return value not checked */

        priv->active_rate = 0;
        priv->active_rate_basic = 0;

        IWL_DEBUG_RATE("Setting rates for 802.11%c\n",
                       hw->mode == MODE_IEEE80211A ?
                       'a' : ((hw->mode == MODE_IEEE80211B) ? 'b' : 'g'));

        for (i = 0; i < hw->num_rates; i++) {        /* (2) NULL dereference */

(1) does not check the return value of iwl_get_hw_mode; if NULL is returned, (2) dereferences a NULL pointer.

----------------------------------------------------------------------

TITLE: Red Hat update for kernel
SECUNIA ADVISORY ID: SA29236
VERIFY ADVISORY: http://secunia.com/advisories/29236/
CRITICAL: Less critical
IMPACT: Unknown, Security Bypass, DoS
WHERE: Local system
OPERATING SYSTEM: Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/
DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a security issue and some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA27842 SA27915 SA28696
SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com
ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2008-0154.html
OTHER REFERENCES: SA27842: http://secunia.com/advisories/27842/ SA27915: http://secunia.com/advisories/27915/ SA28696: http://secunia.com/advisories/28696/
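The missing check in iwl_set_rate() described above, shown in guarded form as an added example: this is a userspace model written for this page, not the driver's code or the vendor's patch. All `model_*` names, the `rate_ok` field and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Userspace model; all names are hypothetical, not the driver's code. */
struct model_hw_mode {
    int mode;                     /* stands in for MODE_IEEE80211A/B/G */
    int num_rates;
    const int *rate_ok;           /* 1 if rate i is usable */
};
struct model_priv {
    const struct model_hw_mode *modes;   /* modes registered so far */
    int num_modes;
    int phymode;
    uint32_t active_rate;
};

/* Lookup that, like the one in the advisory, can return NULL. */
static const struct model_hw_mode *
model_get_hw_mode(const struct model_priv *priv, int want)
{
    for (int i = 0; i < priv->num_modes; i++)
        if (priv->modes[i].mode == want)
            return &priv->modes[i];
    return NULL;
}

/* Guarded variant: return before the first hw-> access. */
static int model_set_rate(struct model_priv *priv)
{
    const struct model_hw_mode *hw = model_get_hw_mode(priv, priv->phymode);

    priv->active_rate = 0;
    if (hw == NULL)
        return -1;                /* the unchecked code dereferences here */
    for (int i = 0; i < hw->num_rates; i++)
        if (hw->rate_ok[i])
            priv->active_rate |= 1u << i;
    return 0;
}

int main(void)
{
    static const int ok[] = { 1, 0, 1 };              /* constructed input */
    static const struct model_hw_mode g = { 2, 3, ok };
    struct model_priv p = { &g, 1, 0, 0 };            /* phymode 0 not registered */
    return model_set_rate(&p) == -1 ? 0 : 1;
}
```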

Trust: 2.07

sources: NVD: CVE-2007-5938 // JVNDB: JVNDB-2007-001139 // BID: 26842 // VULHUB: VHN-29300 // PACKETSTORM: 64302

AFFECTED PRODUCTS

vendor: intel, model: wireless wifi link 4965agn, scope: eq, version: 1.1.21

Trust: 1.6

vendor: intel, model: pro wireless 3945abg, scope: eq, version: 1.1.21

Trust: 1.6

vendor: intel, model: iwlwifi, scope: lte, version: 1.1.21 and earlier

Trust: 0.8

vendor: cybertrust, model: asianux server, scope: eq, version: 3 (x86-64)

Trust: 0.8

vendor: linux, model: kernel, scope: lt, version: version

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 5 (server)

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 5.0 (client)

Trust: 0.8

vendor: cybertrust, model: asianux server, scope: eq, version: 3 (x86)

Trust: 0.8

vendor: linux, model: kernel, scope: eq, version: 2.6.24

Trust: 0.8

vendor: redhat, model: enterprise linux desktop client, scope: eq, version: 5

Trust: 0.3

vendor: redhat, model: enterprise linux server, scope: eq, version: 5

Trust: 0.3

vendor: intel, model: iwlwifi, scope: eq, version: 1.2.21

Trust: 0.3

vendor: intel, model: iwlwifi, scope: eq, version: 1.2.20

Trust: 0.3

vendor: gentoo, model: net-wireless/iwlwifi 1.1.21-r1, scope: -, version: -

Trust: 0.3

vendor: intel, model: iwlwifi, scope: ne, version: 1.2.22

Trust: 0.3

sources: BID: 26842 // JVNDB: JVNDB-2007-001139 // CNNVD: CNNVD-200712-062 // NVD: CVE-2007-5938

CVSS

SEVERITY

nvd@nist.gov: CVE-2007-5938
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5938
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200712-062
value: MEDIUM

Trust: 0.6

VULHUB: VHN-29300
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2007-5938
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29300
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29300 // JVNDB: JVNDB-2007-001139 // CNNVD: CNNVD-200712-062 // NVD: CVE-2007-5938

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-29300 // JVNDB: JVNDB-2007-001139 // NVD: CVE-2007-5938

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-062

TYPE

numeric error

Trust: 0.6

sources: CNNVD: CNNVD-200712-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001139

PATCH

title: kernel-2.6.18-53.11AXS3
url: https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=215

Trust: 0.8

title: iwlwifi: fix possibly NULL dereference in iwl_set_rate()
url: http://www.intellinuxwireless.org/repos/?p=iwlwifi.git;a=commitdiff;h=25db44d4cdfe31d59223d74cb577f4a71aff1a40

Trust: 0.8

title: ChangeLog-2.6.24
url: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24

Trust: 0.8

title: RHSA-2008:0154
url: https://rhn.redhat.com/errata/RHSA-2008-0154.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001139

EXTERNAL IDS

db: NVD, id: CVE-2007-5938

Trust: 2.8

db: BID, id: 26842

Trust: 2.8

db: SECUNIA, id: 29236

Trust: 1.8

db: VUPEN, id: ADV-2007-4211

Trust: 1.7

db: OSVDB, id: 44749

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001139

Trust: 0.8

db: REDHAT, id: RHSA-2008:0154

Trust: 0.6

db: NSFOCUS, id: 11277

Trust: 0.6

db: CNNVD, id: CNNVD-200712-062

Trust: 0.6

db: VULHUB, id: VHN-29300

Trust: 0.1

db: PACKETSTORM, id: 64302

Trust: 0.1

sources: VULHUB: VHN-29300 // BID: 26842 // JVNDB: JVNDB-2007-001139 // PACKETSTORM: 64302 // CNNVD: CNNVD-200712-062 // NVD: CVE-2007-5938

REFERENCES

url:http://www.securityfocus.com/bid/26842

Trust: 2.5

url:http://bugs.gentoo.org/show_bug.cgi?id=199209

Trust: 2.0

url:http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618

Trust: 2.0

url:http://osvdb.org/44749

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0154.html

Trust: 1.7

url:http://secunia.com/advisories/29236

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/4211

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10787

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/4211

Trust: 1.1

url:http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3ba=commitdiff%3bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5938

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5938

Trust: 0.8

url:http://www.intellinuxwireless.org/repos/?p=iwlwifi.git;a=commitdiff;h=25db44d4cdfe31d59223d74cb577f4a71aff1a40

Trust: 0.7

url:http://www.nsfocus.net/vulndb/11277

Trust: 0.6

url:http://rhn.redhat.com/errata/rhsa-2008-0154.html

Trust: 0.4

url:http://www.intellinuxwireless.org

Trust: 0.3

url:http://secunia.com/advisories/29236/

Trust: 0.1

url:http://secunia.com/product/13652/

Trust: 0.1

url:http://secunia.com/advisories/28696/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://rhn.redhat.com

Trust: 0.1

url:http://secunia.com/advisories/27842/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/13653/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/27915/

Trust: 0.1

sources: VULHUB: VHN-29300 // BID: 26842 // JVNDB: JVNDB-2007-001139 // PACKETSTORM: 64302 // CNNVD: CNNVD-200712-062 // NVD: CVE-2007-5938

CREDITS

Ian Schram ischram@telenet.be

Trust: 0.6

sources: CNNVD: CNNVD-200712-062

SOURCES

db: VULHUB, id: VHN-29300
db: BID, id: 26842
db: JVNDB, id: JVNDB-2007-001139
db: PACKETSTORM, id: 64302
db: CNNVD, id: CNNVD-200712-062
db: NVD, id: CVE-2007-5938

LAST UPDATE DATE

2024-08-14T12:17:44.147000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-29300, date: 2017-09-29T00:00:00
db: BID, id: 26842, date: 2008-03-05T17:42:00
db: JVNDB, id: JVNDB-2007-001139, date: 2008-10-30T00:00:00
db: CNNVD, id: CNNVD-200712-062, date: 2007-12-06T00:00:00
db: NVD, id: CVE-2007-5938, date: 2023-11-07T02:01:24.580

SOURCES RELEASE DATE

db: VULHUB, id: VHN-29300, date: 2007-12-06T00:00:00
db: BID, id: 26842, date: 2007-12-12T00:00:00
db: JVNDB, id: JVNDB-2007-001139, date: 2008-03-21T00:00:00
db: PACKETSTORM, id: 64302, date: 2008-03-12T17:55:23
db: CNNVD, id: CNNVD-200712-062, date: 2007-12-06T00:00:00
db: NVD, id: CVE-2007-5938, date: 2007-12-06T15:46:00