Lan Barnes wrote:
On Sun, April 15, 2007 10:49 am, Gus Wirth wrote:
Lan Barnes wrote:
http://www.pcworld.com/article/id,130717-pg,1/article.html
I also read Slashdot. This is a month old and already fixed.
Gus
And therefore not worth mentioning? Because you read /.? Because it's a
month old (or recent)? Because it's been fixed? I need guidelines if I'm
not to waste your time in the future.
And did you mention it a month ago? Because I for one missed it.
Posting links from Slashdot doesn't have much value. But if you had done
a modicum of research you could have enlightened us. For example, I saw
that article and wondered about how long the vulnerability existed. So I
went to CERT <http://www.cert.org> and did a search on madwifi. I found
that CERT had issued an advisory in early DECEMBER 2006 (2006-12-08)
<http://www.kb.cert.org/vuls/id/925529>. From there I found that the
madwifi folks had issued the patch ONE DAY BEFORE THE ADVISORY. A fixed
version of the madwifi drivers has been available since that day.
Unless you haven't updated your madwifi drivers since mid-December 2006
and are still at less than version 0.9.2.1 you aren't vulnerable to this
exploit.
The value in this story is that the following happened:
1) Someone found a flaw
2) They quietly contacted the madwifi team
3) The madwifi team fixed the flaw
4) The madwifi team publishes a fix
5) The world is notified that there is a problem and a fix is available
I think this is the way it should be.
The bad part of this story is that somehow something that was found and
fixed over four months ago somehow rears it's head as a "My god, Linux
has a bug!" and gets regurgitated all over the place.
Gus
PS. Ford Pinto's may explode when crashed!
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
