Debian Security Advisory

DSA-1731-1 ndiswrapper -- buffer overflow

Date Reported:
02 Mar 2009
Affected Packages:
ndiswrapper
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 504696.
In Mitre's CVE dictionary: CVE-2008-4395.
More information:

Anders Kaseorg discovered that ndiswrapper suffers from buffer overflows via specially crafted wireless network traffic, due to incorrectly handling long ESSIDs. This could lead to the execution of arbitrary code.

For the oldstable distribution (etch), this problem has been fixed in version 1.28-1+etch1.

For the stable distribution (lenny), this problem has been fixed in version 1.53-2, which was already included in the lenny release.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.53-2.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28-1+etch1.diff.gz
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28.orig.tar.gz
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28-1+etch1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-common_1.28-1+etch1_all.deb
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-source_1.28-1+etch1_all.deb
AMD64:
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.28-1+etch1_amd64.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.28-1+etch1_i386.deb

MD5 checksums of the listed files are available in the original advisory.