reopen 323386
tags 323386 etch sarge
retitle 323386 kismet: Security vulnerabilities CAN-2005-2626 and CAN-2005-2627 present in sarge and etch
thanks
Dear maintainer,

The version of kismet currently distributed in stable and testing has several security issues. You should reopen a security bug right after an upload and tag it appropriately so it can be tracked in our other distributions.

More information on these issues is available at:
http://www.kismetwireless.net/blog/?entry=/kismet/entry-1124158146.txt

"Released version 2005-08-R1, addressing several potentially critical security flaws:

1. Handling of unprintable characters in the SSID. I still can't replicate this one myself, but people reported it, and I've made the handling of unprintables much more obvious and correct.

2. Integer underflows in pcap handling. These were meaningless for normal operation (only applied to kernel headers, and if you own the kernel, owning kismet is pointless) but they could cause heap corruption/exploitation on replaying a pcapfile w/ kernel headers.

3. Integer underflow in data frame dissection. This is the most serious, and could lead to heap exploits with malformed remote data.

I still don't have info about the exact nature of the exploits announced at Defcon, but I can't wait any longer. The current issues fixed are serious, and may encompass the announced exploits."

For more information see also http://www.frsirt.com/english/advisories/2005/1422

Since the versions available in previous Debian releases predate this one, the maintainer should determine whether the version in stable is indeed vulnerable and contact the Debian Security Team with a patch so a DSA is issued. The bug should be retained once a DSA is issued and tagged 'etch' to track the evolution of this bug until the current version in sid (2005.08.R1-1) moves into testing.

Regards

Javier

Note: The Gentoo advisory might also be of help:
http://www.gentoo.org/security/en/glsa/glsa-200508-10.xml

